Personally identifiable information guide: a list of PII examples
Although Matomo Analytics is a web analytics software that tracks user activity on your website, we take privacy and personally identifiable information (PII) very seriously. We feel our readers would benefit from being as informed as possible about personally identifiable data and what can be considered PII identifiers.
Curious about PII really means? This PII introduction will walk you through what PII is.
What’s considered PII depends on the context as well as which country you live in. Different parts of the world have factored in definitions of what “PII” or “personal data” is in their laws. It’s advisable for you to read up on the laws relevant to your part of the world.
This non-exhaustive list shows examples of what may be considered personally identifiable information:
- Name: full names (first, middle, last name), maiden name, mother’s maiden name, alias
- Addresses: street address, email address
- Phone numbers: mobile, business, personal
- Asset information: internet protocol (IP), media access control (MAC)
- Personal identification number: social security number (SSN), passport number, driver’s license, state identification number, taxpayer identification number, patient identification number, financial account or credit/debit card
- Personal features: photographic images (that have distinguishing features e.g. show the face), x-rays, fingerprints, retina scan, voice signature
- Information identifying personally owned property: Vehicle Registration Number
Information can also be linked to identify an individual. This information that can be combined with others to form a person’s identity may also be regarded PII:
- Date of birth
- Place of birth
- Geographical location
- Employment information
- Medical information
- Education information
- Financial information
- Family members
Additional information considered personal data under GDPR:
- Ecommerce order ID
- IP address
- Cookie ID
- Location data
- Data held by a doctor that could uniquely identify an individual
- Other “online identifiers” such as tools, applications, or devices (like their computer/smartphone)
- “Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.” – European Commission.
- Information that can’t be used to identify an individual
- Anonymised data
- A company registration number
Want to learn what PII means for you? Read this introduction to PII.