SLAC Today logo

PII: What is it?

February 2011: Please note, this article on PII, published in 2006, is no longer up-to-date.
Please instead see the SLAC PII policy.

What is PII:

  • Social Security Numbers in any form
  • Place of Birth associated with an individual
  • Date of birth associated with an individual
  • Mother's maiden name associated with an individual
  • Biometric record associated with an individual
    • Fingerprint
    • Iris scan
    • DNA
  • Medical history information associated with an individual
    • Medical conditions, including history of disease
    • Metric information, e.g. weight, height, blood pressure
  • Criminal history associated with an individual
  • Employment history and other employment information associated with an individual
    • Ratings
    • Disciplinary actions
    • Performance elements and standards (or work expectations) are PII when they are so intertwined with performance appraisals that their disclosure would reveal an individual's performance appraisal.
  • Financial information associated with an individual
    • Credit card numbers
    • Bank account numbers
  • Security clearance history or related information (not including actual clearances held)

What isn't PII:

  • Phone numbers (work, home, cell)
  • Street addresses (work and personal)
  • Email addresses (work and personal)
  • Digital pictures
  • Birthday cards
  • Birthday emails
  • Medical information pertaining to work status (X is out sick today)
  • Medical information included in a health or safety report
  • Employment information that is not PII even when associated with a name
    • Resumes, unless they include an SSN
    • Present and past position titles and occupational series
    • Present and past grades
    • Present and past annual salary rates (including performance awards or bonuses, incentive awards, merit pay amount, Meritorious or Distinguished Executive Ranks, and allowances and differentials)
    • Present and past duty stations and organization of assignment (includes room and phone numbers, organization designations, work e-mail address, or other identifying information regarding buildings, room numbers, or places of employment)
    • Position descriptions, identification of job elements, and those performance standards (but not actual performance appraisals) that the release of which would not interfere with law enforcement programs or severely inhibit agency effectiveness
    • Security clearances held
    • Written biographies (like the ones used in conference materials)
    • Academic credentials
      • Academic credentials, e.g. Ph.D, MS, BS, AA
      • Schools attended
      • Major or area of study
  • Personal information stored by individuals about themselves on their assigned workstation or laptop (unless it contains a SSN)



  • This means that you have either a paper or electronic copy of the data physically in your office, car, home, or on your person that can be removed from SLAC merely by physically walking off with it.
    • Simply viewing data on a display/monitor where the data itself resides on a computer not located in your office does not count as possession. Examples are the Z drive or in PeopleSoft.
    • Copying data to your local hard drive such as the C drive is possession.
    • Having the a CD or memory stick that stores PII counts as possession.
    • Possession is not determined by who owns the device containing the data (in other words, whether it belongs to you or to SLAC). It is only determined by where the data is located.
    • If the electronic device is capable of storing data without being connected to a power source (your C drive, external drives, floppy disks, memory sticks, CDs of any sort, etc.), the data is retained even if you delete the file (this only deletes the pointer to the file location).


  • If you possess PII, then you are automatically the custodian of that PII.


  • SLAC has other policies that apply to data and system access that must be kept private and out of the public domain. The PII responsibilities are in addition to these other policies, and do not replace or modify them. In the case of a conflict, the most secure or conservative interpretation should be used.


Last update: