what is pii in cyber security

Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. It is a legal term that refers to information that can be used to distinguish or trace an individuals identity, either by itself or in combination with other personal or identifying information that is linked or linkable to an individual. PII includes any representation of information that permits the identity of an individual to whom the information applies. Examples of PII include name, social security number, date and place of birth, mother's maiden name, biometric records, medical, educational, financial, and employment information. Protecting PII is essential for personal privacy, data privacy, data protection, information privacy, and information security. With just a few bits of an individual's personal information, thieves can create false accounts in the person's name, incur debt, create a falsified passport, or sell a person's identity to a criminal. Sensitive PII is information that, when disclosed, could result in harm to an individual. In a data breach, PII is a target for attackers due to its high value when sold on darknet markets.