In information security, personally identifiable information (PII) means data that can be used to identify a specific person, such as:
- Bank details
- Social Security numbers
- Driver's license numbers
Because of PII's potential use in identity theft or financial crime, it's a prime target for cyber attacks. There are also legal and regulatory requirements that mandate specific protections for PII, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). In a cloud environment, measures such as encryption and access controls are often implemented in order to protect PII. A data breach involving PII can result in financial loss, damage to reputation, and even legal liability in some cases.