Body
Question
What is PII (Personally Identifiable Information)?
Answer
South Dakota (SD) Breach Law defines PII as:
Personal Information Definition. SD’s statute covers both Personal information and Protected information.
Personal Information means a person’s first name or first initial and last name, in combination with any one or more of the following data elements:
- Social Security Number
- Driver license number or any other unique identification number created or collected by a government body
- Account number or credit card number or debit card number in combination with any required security code, access code, password, routing number, PIN, or any additional information that is necessary to access the financial account
- Health information as defined in 45 CFR 160.103 (HIPAA)
- An identification number assigned to a person by the person's employer in combination with any required security code, access code, password, or biometric data generated from measurements or analysis of human body characteristics for authentication purposes
The term does not include information that is lawfully made available to the general public from federal, state, or local government records or information that has been redacted, or otherwise made unusable.
Protected Information includes:
- A user name or email address, in combination with a password, security question answer, or other information that permits access to an online account; and
- Account number or credit and debit card number, in combination with any required security code, access code, or password that permits access to a person’s financial account