Definition of PII Under California Law

Owned by Timothy Pinkham
Last updated: Jan 13, 2022
1 min read

Introduction

Personally Identifiable Information (PII) is among the most sensitive data types we store at Biola. The Information Security team typically requires a contract with data protection terms for any software or service that handles PII.

To avoid ambiguity, we use the PII definition from California law when reviewing technology purchases.

This page summarizes PII (aka "personal information") for easy reference.

Related Topics

Safe Computing

PII Definition

“Personal information” means either of the following:

  1. An individual’s first name or first initial AND his or her last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
    1. Social security number.
    2. Driver’s license number or California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual.
    3. Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
    4. Medical information.
    5. Health insurance information.
    6. Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. Unique biometric data does not include a physical or digital photograph, unless used or stored for facial recognition purposes.
    7. Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5.
  2. A username or email address, in combination with a password or security question and answer, that would permit access to an online account.