The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. PII should be protected from inappropriate access, use, and disclosure. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. Organizations are encouraged to tailor the recommendations to meet their specific requirements.