Sensitive personally identifiable information (SPII)
“Sensitive personally identifiable information (SPII)”, or secure PII, is a colloquial term used in the cybersecurity industry to describe personally identifiable information (PII) that requires stricter safeguards due to its potential for misuse or harm to individuals in the event of a data breach.
SPII is not defined in any data protection legislation. However, some prominent laws define categories of sensitive personal information, for which SPII can serve as an umbrella term.
For instance, the California Privacy Rights Act (CPRA) defines “sensitive personal information” as any non-public personal information that reveals an individual’s social security number (SSN), driver’s license, passport number, financial accounts along with information required to access these accounts, precise geolocation, genetic data, or racial or ethnic origin.
The General Data Protection Regulation (GDPR) introduces “special categories of personal data” and prohibits processing them by default, although there are exemptions to this general rule. According to the GDPR, special categories of personal data include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data used for uniquely identifying a natural person, health data, as well as data concerning an individual’s sex life or sexual orientation.
If SPII is interpreted as an umbrella term for the categories of sensitive personal information outlined in the CPRA and the GDPR, the following would be examples of SPII (unless publicly available):
- Social security number (SSN)
- Driver’s license
- Passport number
- Financial account, debit or credit card number in combination with security codes or credentials required to access funds
- Account credentials
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- The contents of mail, email, and text messages intended for someone else
- Biometric information used for uniquely identifying an individual
- Genetic data
- Health information
- Information about an individual’s sex life or sexual orientation
- Precise geolocation
- Union membership
Note that SPII is also sometimes used narrowly as a synonym for “sensitive personal information” as defined in the CPRA.