PII
Example: A neighborhood bistro realizes its PII isn't just the email list — the saved card numbers fall under PCI-DSS, and the employee SSNs and I-9 records on file carry their own legal protections, so each set needs to be stored and handled differently.
Personally Identifiable Information
Personally Identifiable Information: any data that can identify a specific person, either on its own or in combination with other data. For a restaurant operator, that means customer names, emails, phone numbers, payment details, employee SSNs, and I-9 records. PII is legally protected; mishandling it exposes the operator to fines and lawsuits.
Why it matters
Most operators conflate PII with 'the email list.' But payment data, employee bank accounts, and reservation records are also PII — and each carries its own regulatory framework (PCI-DSS for cards, state breach-notification laws for the rest). Knowing what counts is the precondition for handling it right.
PII sits in Tier 4 of the data-tiering model.