What Is PII (Personally Identifiable Information)? Types & Examples

PII (Personally Identifiable Information) is any data that can identify a specific individual — such as a name, address, email, phone number, Social Security number, or passport number. It includes both direct identifiers that identify someone on their own and indirect identifiers that identify someone when combined with other data.

Direct vs. indirect PII

• Direct identifiers point to a person by themselves: full name, Social Security number, passport or ID number, email address, phone number, biometric data.
• Indirect identifiers identify someone in combination: date of birth, postal code, job title, gender, IP address. On their own they may be harmless; together they can single out an individual.

This is why "remove the names" is rarely enough — a combination of indirect identifiers can re-identify someone.

Common examples of PII

• Full name
• Home or postal address
• Email address and phone number
• National ID / Social Security number (SSN, AVS, NIR…)
• Passport and driver's license numbers
• Bank account / IBAN / credit card numbers
• Date of birth
• IP address and device identifiers
• Photographs of a face and biometric data

Sensitive PII (special categories)

Some PII carries extra legal protection because misuse can cause real harm: health and medical data, racial or ethnic origin, religious beliefs, political opinions, sexual orientation, genetic and biometric data, and financial information. Under the GDPR these are "special category" data with stricter rules.

PII vs. PHI vs. "personal data"

The same idea has different names by framework:

• PII — the US term for personally identifiable information.
• PHI — Protected Health Information under HIPAA (health-specific PII, with 18 defined identifiers).
• Personal data — the GDPR (EU) and Swiss FADP term, defined broadly as any information relating to an identifiable person.

The categories overlap heavily; the safe approach is to treat any data that could identify someone as protected.

Why protecting PII matters

Exposed PII enables identity theft, fraud, and privacy harm — and triggers regulatory penalties under GDPR, HIPAA, and similar laws. Whenever a document leaves a controlled environment, the non-essential PII should be removed first (the principle of data minimization).

How to remove PII from documents

For documents with many identifiers — contracts, medical records, applications — manual highlighting is slow and error-prone. An AI tool like Redact PDF AI detects names, addresses, phone numbers, emails, IBANs, and dates automatically and produces irreversible, properly redacted output. For a category-by-category checklist, see what counts as PII in a PDF.

Frequently asked questions

What is considered PII? Any information that can identify a person, directly (name, ID number, email) or indirectly in combination (date of birth, postal code, IP address).

Is an email address PII? Yes — an email address can identify an individual and is treated as PII (and as personal data under GDPR).

What is the difference between PII and PHI? PHI (Protected Health Information) is health-related PII covered by HIPAA. PII is the broader category of any personally identifiable information.

How do I remove PII from a PDF? Use a redaction tool that detects PII automatically and exports a flattened file — see how to redact a PDF.

In summary

PII is any data that can identify a person, on its own or combined with other data. Because indirect identifiers add up, protecting PII means removing more than just names. Learn what counts as PII in a PDF or remove it free on redact-pdf.ai.