Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

Published

Author(s)

Erika McCallister, Timothy Grance, Karen A. Scarfone

Abstract

The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. PII should be protected from inappropriate access, use, and disclosure. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. Organizations are encouraged to tailor the recommendations to meet their specific requirements.
Citation
Special Publication (NIST SP) - 800-122
Report Number
800-122

Keywords

PII, confidentiality, privacy, PII confidentiality impact level, FIPS 199, personally identifiable information
Created April 6, 2010, Updated February 19, 2017