USDA Examples of Personally Identifiable Information (PII)

WHAT IS GENERALLY PII AT USDA: PII is information that can be used to uniquely
identify an individual. The following are some examples of data which when combined
with an individual’s name constitute PII. For a decision on other data elements not
indicated on this list, you should contact the USDA Chief Privacy Officer.

• Social Security number;

• Place of Birth;
• Date of birth;
• Mother’s maiden name:
• Biometric record (such as fingerprint, iris scan, DNA);
• Medical history information (including medical conditions and metric
information, e.g. weight, height, blood pressure);
• Criminal history;
• Employment information to include ratings, disciplinary actions, performance
elements and standards;
• Financial information;
• Credit card numbers;
• Bank account numbers; and
• Security clearance history or related information (Not including actual clearances
held).

WHAT ISN’T PII: The identification of PII requires an analysis of material in context.1
The following examples, taken alone, would generally not constitute PII. However,
combined examples, or examples included in specific databases or other record systems
may constitute PII. Please consult the USDA Chief Privacy Officer for additional
guidance.

• An individual’s name;

1
OMB’s Memorandum, M-07-16 (of May 22, 2007, “Safeguarding and Responding to the Breach of
Personally Identifiable Information”) requires an analysis of PII in context: “For example, an office
rolodex contains personally identifiable information (name, phone number, etc.). In this context the
information probably would not be considered sensitive; however, the same information in a database of
patients at a clinic which treats contagious disease probably would be considered sensitive information.
Similarly, using a best judgment standard, discarding a document with the author’s name on the front (and
no other personally identifiable information) into an office trashcan likely would not warrant notification to
US-CERT.

1
 • EIN/TIN as a business identifier;
• Phone numbers (Work, Home, Cell);
• Street addresses (Work and personal);
• Email addresses (Work and personal);
• Digital pictures;
• Resumes, unless they include an SSN;
• Employee present and past position titles and occupational series;2
• Employee present and past grades (and salary privacy);3
• Security clearances held;
• Written biographies (like the ones used in pamphlets of speakers); and
• Academic information (credentials, areas of study).

2
OPM Regulation, 5 C.F.R. § 293.311 states that the following information “about most present and
former Federal employees, is available to the public: (1) Name; (2) Present and past position titles and
occupational series; (3) Present and past grades; (4) Present and past annual salary rates … (5) Present and
past duty stations; and (6) Position descriptions, identification of job elements, and those performance
standards (but not actual performance appraisals) that the release of which would not interfere with law
enforcement programs or severely inhibit agency effectiveness …”
3
See preceding footnote.