Information that can identify an individual and that requires privacy protection under data regulations

Personally Identifiable Information (PII) is data that can be used alone or combined with other information to identify, contact, or locate a specific individual. It is subject to privacy protection requirements under regulations including GDPR, CCPA, and sector-specific data protection laws.

PII includes direct identifiers such as names, email addresses, phone numbers, government ID numbers, biometric data, and financial account information, as well as quasi-identifiers like IP addresses, device IDs, geolocation data, and behavioral patterns that can identify individuals when combined. Under GDPR, PII is termed "personal data" and is interpreted broadly to encompass any data relating to an identified or identifiable natural person.

In crypto and blockchain contexts, determining what constitutes PII is complex. Cryptocurrency wallet addresses are pseudonymous rather than anonymous, and blockchain analytics can link addresses to real identities through exchange Know Your Customer (KYC) data, IP addresses during transaction broadcasts, or on-chain behavioral patterns. When wallet addresses can be attributed to specific individuals, they may constitute PII triggering GDPR obligations. Virtual Asset Service Providers (VASPs) collecting KYC information, transaction histories, and wallet addresses must implement data protection controls, encryption, access restrictions, and retention limits. Zero-knowledge proof systems and privacy-enhancing technologies enable verification of attributes without exposing underlying PII, addressing compliance requirements while preserving individual privacy.