Personally Identifiable Information (PII)
Data Description
Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. Personal information that is “de-identified” (maintained in a way that does not allow association with a specific person) is not considered sensitive. Note that NETID numbers by themselves are not considered sensitive or personally identifiable information. University policies, contractual obligations, and information security laws and regulations require appropriate protection of PII that is not publicly available. These regulations apply to PII stored or transmitted via any type of media: electronic, paper, microfiche, and even verbal communication. PII does not include publicly available information that is lawfully made available to the public from federal, state, or local government records.
Examples of PII:
Name: full name, maiden name, mother’s maiden name, or alias
Personal information:
- Identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account, or credit card number
- Address information: street address, or email address
- Telephone numbers
- Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
Biometric data: retina scans, voice signatures, or facial geometry
Information identifying personally owned property: VIN number or title number
The following data ON ITS OWN is not considered PII, however WHEN COMBINED with the above PII can be used to identify a specific individual:
- Date or place of birth
- Business telephone number, mailing or email address
- Race, religion
- Geographical indicators
- Employment, medical, education, or financial information
Permitted | IT Tools & Products |
---|---|
Google Drive | |
Gmail | |
Outlook | |
Microsoft OneDrive for Business | |
Microsoft Teams | |
ISAAC Secure Enclave | |
Windows Virtual Machines (VMs) | |
Linux Virtual Data Center Workstations (Linux vDWS) | |
Virtual Data Center WorkStations (vDWS) | |
WebEx FedRAMP | |
Zoom | |
Globus - Secure Enclave | |
Qualtrics *Allowed if written approval provided in IRB documents | |
REDCap *Allowed if written approval provided in IRB documents | |
Amazon Web Services (AWS) | |
Google Cloud Platform (GCP) | |
Google Cloud Platform FedRAMP | |
Microsoft Azure | |
Microsoft Azure FedRAMP | |
ISAAC Legacy | |
ISAAC Next Generation cluster (ISAAC-NG) | |
Globus - Open Enclave |
Additional Resources
Contact the Office of Research, Innovation, and Economic Development (ORIED) for additional information about data types.
Rob Withrow, Director, Human Research Protection Program
email: rwithrow@utk.edu
phone: 865-974-7494