The US states’ data breach laws as summarized in Nymity’s Breach Response Support Center shows that an email address is considered PII only when it provides access to a financial account or resources (North Carolina).What is PII, non-PII, and personal data?
Information that is anonymous and cannot be used to trace the identity of an individual is non-PII. Device IDs, cookies and IP addresses are not considered PII for most of the United States. But some states, like California, do classify this data as PII. California classifies aliases and account names as personal information as well.Is address and phone number PII?
Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email address, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably.