Get All Access for $5/mo

Ever Hear of Pii? What You Need to Know About Its Life Cycle in Business Pii means 'personally identifiable information.' It has nothing to do with the circumference of a circle.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.


In high school you learned about pi, remember? Pi is the the ratio of a circle's circumference to its diameter, commonly approximated as 3.14159. All well and good. But now it's time to learn about pii.

Related: Microsoft Offers First Major Endorsement of New EU-U.S. Data Privacy Pact

PII stands for "personally identifiable information." And personally identifiable information can mean an assortment of things, such as name, address, social security number and biometric data, like voice and fingerprint identifiers.

As such, pII isn't always private information, but often it is sensitive. Think: passport number, health information and medical records -- all part of the concept of "privacy" you hear so much about, in terms of personal information and cyberspace. Companies, such as banks and health plans, which store private, personal information about people should allow those same people to determine how their pII is used or revealed.

And that brings up the matter of the pii life cycle. At birth, pii is rounded up and collected because the need exists for this data, for various small business transactions. At death, if you want to call it that, the cycle is finished: Pii data is no longer needed.

What are the in-between stages? After pii is gathered, it's stored and maintained in a computer system. It's ready for use -- the next stage of the life cycle. Along with that exists the need to share the pii, as in disclosure or transfer or even sales/marketing. In a business, when the pii is no longer needed, there are policies that determine when the time period for holding on to the data has expired.

As mentioned, pii is usually of a sensitive nature, though not always, and includes such items as email addresses and birthdates. A business' responsibility is to handle sensitive data with lots of TLC, keeping it protected from theft and private, based on the terms set forth by the business that collects it and the client who agreed to those terms.

In fact, businesses have a lot of heavy responsibility when it comes to handling pii:

  • Proper management of the entire life cycle
  • Protection of data, in offline form as well.
  • Prompt reporting of any violations of privacy

The end of the life cycle may be referred to as disposition. Proper disposition is a must. This entails thorough shredding of sensitive documents. It does not mean tossing out an old computer that still has its hard drive into a rubbish can (where dumpster divers can retrieve it, take out the hard drive and see what kind of juicy data is on it, like bank account numbers and social security numbers).

Businesses need to watch out: Punishment for privacy violation is no picnic and includes the possibility of criminal charges.

Related: Despite Social Media's Popularity, Most Americans Don't Want to Give Up Private Data

The Laws of Privacy

You've probably seen "HIPPA" and heard people say "Hippa." The abbreviation is actually HIPAA, short for the Health Insurance Portability and Accountability Act. This means that your mother's cardiologist isn't going to tell you what's going on with her heart unless your mother "puts you on her HIPAA."

Translation: She authorizes the doctor to share information. HIPAA also bars, for example, nurses telling a reporter why a movie star was treated in the emergency room. HIPAA further makes it possible for patients to access their own records.

Ever hear of COPPA? The Children's Online Privacy Protection Act requires that parental consent be obtained for websites that gather personal information on kids under the age of 13. Here is a brief rundown of other pii elements to be aware of:

  • The Privacy Act of 1974 is a primer for the gathering, use and sharing of personal data.
  • The Office of Management and Budget Mandate M-07-16 requires protection for pii in cyber and offline form.
  • The E-Government Act of 2002, titles II and III, makes it necessary for federal agencies to analyze the influence of privacy for systems that gather public data.
  • Policy Number HHS-OCIO-2008-0001.003: When suspicious things occur relating to pii, action must be taken, and that's where this policy comes in.
  • The National Institutes of Standards and Technology (NIST) Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Check out the information about privacy controls in Appendix J.

If you're unaware of these items, you need to start learning about them now. Security for privacy requires a very systematic, strategic approach on the part of businesses. And the advent of online data has only complicated matters, raising the bar for security and protection.

Related: Apple's Trio of 'Privacy Czars' Grapple With Internal Conflicts Over User Data

What do you still need to learn?

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

How to Be a Billionaire By 25, According to a College Dropout Turned CEO Worth $1.6 Billion

Austin Russell became the world's youngest self-made billionaire in 2020 at age 25.

Starting a Business

Your Business Will Never Succeed If You Overlook This Key Step

A comprehensive guide for startups to achieve and maintain product-market fit through thorough market research, iterative product development and strategic scaling while prioritizing customer feedback and agility.


Four Takeaways for the Franchise Industry From My Time at the Republican National Convention

Matt Haller, President and CEO of the IFA, says the stakes are high for franchisors and franchisees in the upcoming presidential election.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

How to Build a Successful Startup, According to an Investor Who Made Early Bets on Twitter, Lyft, and Twitch

He's found a few patterns after nearly two decades of investing in startups.

Science & Technology

No More ChatGPT? Here's Why Small Language Models Are Stealing the AI Spotlight

Entrepreneurs can leverage this growing tech to create innovative, efficient and targeted AI solutions.