Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

Published: April 06, 2010

Author(s)

Erika McCallister, Timothy Grance, Karen A. Scarfone

Abstract

The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. PII should be protected from inappropriate access, use, and disclosure. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII. Organizations are encouraged to tailor the recommendations to meet their specific requirements.
Citation: Special Publication (NIST SP) - 800-122
Report Number:
800-122
Pub Type: NIST Pubs

Download Paper

Keywords

PII, confidentiality, privacy, PII confidentiality impact level, FIPS 199, personally identifiable information
Created April 06, 2010, Updated February 19, 2017