Personally Identifiable Information (PII) is any information that can be used to distinguish or trace an individual's identity, whether alone or in combination with other information. This definition is broad, and context matters.
Non-sensitive PII is information that cannot reasonably be expected to adversely affect the privacy of individuals if disclosed. Non-sensitive PII may be found in widely available public records and, generally, cannot be used alone to determine an individual's identity. However, non-sensitive PII can be used in combination with other information to reveal the identity of an individual, and should therefore be protected to reduce privacy risk. Examples include year of birth, age, place of birth, zip code, region, educational attainment and occupation.
Sensitive PII is any information which could adversely affect the privacy of individuals and result in harm, embarrassment, inconvenience or unfairness to an individual. Examples include Social Security numbers, biometrics, medical records and financial records.
Other data elements that might be used to identify an individual in combination with other identifiers include demographic information (age, sex, race, religious affiliation), email address, telephone number, physical address, mother's maiden name, geolocation, and photos.
Limit the collection of PII to the minimum amount necessary to complete the task. When collecting PII, collect it directly from the individual when possible. Allow the individual to make an informed decision about providing their data.
> "If you collect it, you must protect it!"

If you collect PII, you must protect PII. At a minimum, password-protect or encrypt any files that contain PII. When sharing password-protected files with others (who have a legitimate need to know), send the password separately from the file. Never include PII in the body of an email.
If possible, remove PII that is used as a unique identifier from the dataset (e.g., email address, Social Security number) and replace it with another identifier, such as a [[universally unique identifier]] (UUID). However, keep in mind that the dataset should still be protected if it contains potentially sensitive information.
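The replacement described above can be sketched as follows. This is an added example, not part of the original page; the column names, the `participant_id` field and the sample rows are assumptions constructed for illustration. It drops the direct identifiers, assigns one random UUID per individual, and returns the identifier-to-UUID crosswalk separately so it can be stored apart from the dataset.

```python
import csv
import io
import uuid

# Constructed sample data (not real people; SSNs use the invalid 000 area).
SAMPLE_CSV = """email,ssn,zip_code,year_of_birth,occupation
ana@example.org,000-00-0001,30301,1984,teacher
bo@example.org,000-00-0002,30302,1990,nurse
ana@example.org,000-00-0001,30301,1984,teacher
"""

DIRECT_IDENTIFIERS = ("email", "ssn")  # assumed column names


def pseudonymize(rows, id_columns=DIRECT_IDENTIFIERS):
    """Replace direct identifiers with one random UUID per individual.

    Returns (clean_rows, crosswalk). The crosswalk links the original
    identifiers to the UUID; keep it apart from the dataset under
    stricter access, or destroy it if re-linking is never needed.
    """
    crosswalk = {}  # (email, ssn) -> UUID string
    clean_rows = []
    for row in rows:
        # Normalize so the same person always maps to the same UUID.
        key = tuple(row[c].strip().lower() for c in id_columns)
        if key not in crosswalk:
            # uuid4 is random and not derived from the identifier, unlike
            # a plain hash of an SSN, which can be brute-forced.
            crosswalk[key] = str(uuid.uuid4())
        kept = {k: v for k, v in row.items() if k not in id_columns}
        clean_rows.append({"participant_id": crosswalk[key], **kept})
    return clean_rows, crosswalk


def to_csv(rows):
    """Serialize the pseudonymized rows back to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    source_rows = list(csv.DictReader(io.StringIO(SAMPLE_CSV)))
    clean, mapping = pseudonymize(source_rows)
    print(to_csv(clean))
```

The output still carries zip code, year of birth and occupation, which can identify someone in combination, so the pseudonymized file needs protection as well.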
Have a plan for when and how PII will be disposed of after it is no longer needed. Also, be prepared to act in case of a breach.
See [[data reidentification]] for more strategies on protecting individuals from reidentification in datasets that contain PII.
See also: Informed Consent