Information that can be used to uniquely identify an individual, including Non-Human Identities (NHIs).
Description
Personal Identifiable Information (PII) encompasses any data that can be used to identify a specific individual. In the context of Non-Human Identities (NHIs), PII can also refer to information associated with entities like organizations, brands, or automated systems that may be recognized or interact with individuals in a digital context. NHIs can include digital avatars, bots, or other automated entities that represent a person or organization. As technology advances, the distinction between human and non-human identities blurs, and PII must be evaluated in terms of how it relates to both individuals and their non-human counterparts. This includes not only traditional identifiers like names and social security numbers but also digital footprints, IP addresses, and user profiles that can indirectly point to a person. Protecting PII, whether human or non-human, is critical to safeguarding privacy and maintaining trust in digital interactions.
Examples
- Full name associated with a non-human entity (e.g., a corporate avatar).
- Email address linked to an automated support bot.
Additional Information
- Regulations like GDPR apply to PII related to NHIs.
- The definition of PII may evolve as technology and digital identities develop.
References
- Non-Human Identity Security – Why Now?
- Why Non-Human Identities Should Be A Top Cybersecurity Priority
- Managing the invisible risk of non-human identities
- Guidance on the Protection of Personal Identifiable Information
- What is a Non-Human Identity? - CyberArk
- Non-Human Identity Management: A Guide - Cycode
- What is Personally Identifiable Information (PII)? - IBM
- Monitor Your Non-Human Identities - Permiso Security
- Managing the Invisible Risk of Non Human Identities - One Identity
- Why securing non-human identities should be top of mind right now