Personal data, also known as personal information, personally identifying information (PII), or sensitive personal information (SPI), is any information relating to an identifiable person.
The abbreviation PII is widely accepted in the United States, but the phrase it abbreviates has four common variants based on personal / personally, and identifiable / identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. Under European and other data protection regimes, which centre primarily around the General Data Protection Regulation, the term “personal data” is significantly broader, and determines the scope of the regulatory regime.National Institute of Standards and Technology Special Publication 800-122 defines personally identifying information as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” So, for example, a user’s IP address is not classed as PII on its own, but is classified as linked PII. However in the European Union, the IP address of an Internet subscriber may be classed as personal data.The concept of PII has become prevalent as information technology and the Internet have made it easier to collect PII leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts. As a response to these threats, many website privacy policies specifically address the gathering of PII, and lawmakers such as the European Parliament have enacted a series of legislation such as the General Data Protection Regulation (GDPR) to limit the distribution and accessibility of PII.Personally identifying information is a legal concept, not a technical concept, and it is not utilised in all jurisdictions. Because of the versatility and power of modern re-identification algorithms, the absence of PII data does not mean that the remaining data does not identify individuals. While some attributes may not be uniquely identifying on their own, any attribute can be potentially identifying in combination with others. These attributes have been referred to as quasi-identifiers or pseudo-identifiers. While such data may not constitute PII in the United States, it is highly likely to remain personal data under European data protection law.

see more at wikipedia

Check More at http://flywait.lifeaidbev.hop.clickbank.net