Personally Identifiable Information (PII)
Personally identifiable information, or PII, is any data that can be used to identify a specific individual. This includes obvious identifiers like a full name, home address, phone number, email, or government ID number, and also combinations of details that together point to one person.
What it means
PII is a privacy and compliance concept before it is a moderation one, but the two meet whenever users share personal data in content. Some PII is shared willingly and appropriately, such as a business contact posting their support email. Other times PII appears where it should not, either because a user leaked their own sensitive data or because someone else posted it to expose them. Handling PII well means recognizing it and understanding whether its presence is a problem.
Real-world examples
- A member accidentally pasting their credit card number into a public channel.
- Someone posting another person's phone number and address, which becomes doxxing.
- A support form collecting names and emails that must be stored and protected.
Why it matters
Mishandled PII creates privacy harm for individuals and legal exposure for platforms under regulations like the GDPR and CCPA. In a moderation context, detecting PII lets a system redact or flag sensitive data before it spreads, protect users from accidentally exposing themselves, and catch malicious exposure of others. The presence of PII is not automatically a violation, which is why context and intent determine the right response.