How to respectfully use and inform communities about Personal Identifiable Information (PII) collected about them 

Topics: Data Management, Security, Privacy, Data Sharing. 4 Steps
This guide covers key characteristics of PII, how to request it from communities through informed consent, and best practices in how to manage it without undue risk.

Guide Objectives

  • To showcase PII and specify how it is identified 
  • To define best practices and implement a plan for the PII data lifecycle 
  • To describe the key elements of informed consent

SIOs often collect personal data on people involved in their programs, projects, and events to monitor and evaluate for improvements, report on impact, and market results to clients and donors.  

However, there is an ethical (and compliance) need to respect the data privacy of the people served. This is particularly important when considering personally identifiable information (PII). This guide is meant to inform SIOs about the key characteristics of PII, how to request it from communities through informed consent, and best practices in how to manage it without undue risk. 

Guide Specific Disclaimer 

Every organization is different, and depending on the size, complexity, and priorities of yours, you might not be able to follow through with every step in this guide. There is no one-size-fits-all approach to data strategy development, and certainly not to change management. Take from this guide what makes sense for your organization and adapt it to your situation.

Identify Personally Identifiable Information (PII) in the data collection process 

Personally Identifiable Information, or PII, is a special class of data that poses particular risks to users if mistreated or exposed. Technically speaking, PII is: 

(1) any information that can be used to distinguish or trace an individual’s identity, such as name, personal identification number, date and place of birth, mother’s maiden name, or biometric records; and  

(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. (Source)  

PII can either be data that specifically identifies one individual, or a combination of multiple data points that together lead to one individual. For example, if information on a person’s job type, ethnicity, and income level could lead to one individual in a specific area, then, combined, those data points are PII.

You can download the PII Data Lifecycle Worksheet to document the PII your organization (or project) is collecting. In this first step, fill out Columns A-C of the Data Lifecycle Plan tab, identifying the PII collected along with the purpose of its collection and the source of that data.

Develop a data lifecycle plan for PII 

Once PII is documented, the next step is to develop a plan for how it and its associated risks are managed through its lifecycle within the organization. It is important to develop this plan so that PII is not:  
 
a) stored unnecessarily long; 

b) shared or used inappropriately; 

c) insecurely stored; or  

d) accessible beyond necessity.

Key elements of the lifecycle are: 

Duration – Understanding the timeline for specific objectives that require PII dictates how long PII should be stored. Only store PII as long as necessary. For example, storing course participant email addresses may only be necessary for communication while the course is active.  

Use – Prioritize use of PII in a way that maintains data privacy. Oftentimes, this is through aggregation of data in analysis or visualizations. When sharing PII externally, maintaining data privacy is even more critical. As outlined in Step 3, people providing their PII should be aware and in agreement about the use of this information. 

Storage – How PII is stored is critical to its security and accessibility. Access should be restricted to necessary personnel to limit unwarranted usage or data breaches. It is also useful to consider whether PII is stored in multiple locations, for example both on personal devices and in the cloud, since every copy must be protected and eventually deleted.

Deletion (or Destruction) – It is important to have a plan for deleting PII within the organization. Because PII feeds into other work (analysis, visualizations, etc.), deleting it can have ripple effects, so the plan should account for those dependencies. When its necessity is over, or when the person whom the PII identifies requests its deletion, it must be deleted.

However, to remove any risk of recoverability of data, destruction is recommended. The difference is data deletion removes data in a manner that makes it inaccessible through normal means but may still be recoverable to some extent, while data destruction renders data completely irretrievable by overwriting it with random patterns or zeros, ensuring its permanent removal. 

Anonymization (optional) – Sometimes, when the necessity for storing and using PII is over, it is still valuable to have an anonymized version of the information. There are many ways to do this, including removing direct identifiers in the dataset, generalizing data categories (e.g., age ranges instead of specific ages), data aggregation, etc.  
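The following Python script, an added example rather than anything from the original guide, illustrates both the "combination of data points" point from the PII definition above and the three anonymization techniques just listed (dropping direct identifiers, generalizing into ranges, aggregating). The roster it works on is constructed for the example; the field names, age bands and income bands are assumptions, not a standard.

```python
from collections import Counter

# Constructed roster for a hypothetical training course; no real people.
RECORDS = [
    {"name": "Ada", "email": "ada@example.org", "age": 23, "district": "North", "job": "teacher", "income": 31000},
    {"name": "Ben", "email": "ben@example.org", "age": 27, "district": "North", "job": "teacher", "income": 35000},
    {"name": "Cy",  "email": "cy@example.org",  "age": 34, "district": "North", "job": "nurse",   "income": 52000},
    {"name": "Dee", "email": "dee@example.org", "age": 38, "district": "North", "job": "nurse",   "income": 48000},
    {"name": "Eli", "email": "eli@example.org", "age": 41, "district": "South", "job": "teacher", "income": 45000},
    {"name": "Fay", "email": "fay@example.org", "age": 45, "district": "South", "job": "teacher", "income": 61000},
]

# Fields that name a person outright, and fields that only do so in combination.
DIRECT_IDENTIFIERS = {"name", "email"}
QUASI_IDENTIFIERS = ("age", "district", "job", "income")


def min_group_size(records, fields):
    """Smallest number of records sharing one combination of `fields`.
    A result of 1 means some combination points at exactly one person."""
    counts = Counter(tuple(r[f] for f in fields) for r in records)
    return min(counts.values())


def generalize(record):
    """Replace exact age and income with coarse bands (assumed band widths)."""
    out = dict(record)
    decade = (record["age"] // 10) * 10
    out["age"] = f"{decade}-{decade + 9}"
    out["income"] = "under 40k" if record["income"] < 40000 else "40k and over"
    return out


def anonymize(records):
    """Step 1: drop direct identifiers. Step 2: generalize quasi-identifiers."""
    stripped = [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in records]
    return [generalize(r) for r in stripped]


def aggregate(records, field):
    """Step 3: report counts per category instead of individual rows."""
    return dict(Counter(r[field] for r in records))


if __name__ == "__main__":
    # On the raw data every combination of quasi-identifiers is unique (size 1),
    # so the rows still identify people even with names and emails removed.
    print("raw min group size:", min_group_size(RECORDS, QUASI_IDENTIFIERS))
    anon = anonymize(RECORDS)
    print("anonymized min group size:", min_group_size(anon, QUASI_IDENTIFIERS))
    print("participants per district:", aggregate(anon, "district"))
```

Re-run `min_group_size` after every transformation: the check is what tells you whether stripping names was enough, or whether the remaining columns still single someone out.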

Within this process, it is also important to consult any relevant laws and regulations within your state, country, or region focused on PII or data privacy. The requirements you are meant to follow may vary widely, so doing so is a critical piece of managing PII. 

Using the PII Data Lifecycle Worksheet, you can now fill out Columns D-G on the Data Lifecycle Plan tab to describe the key elements listed above for your PII. 

Develop an informed consent tool 

Informed consent is one of the most important elements of data ethics and compliance, particularly when collecting PII. It is an approach to communicating your request to collect data, particularly sensitive data, from individuals. In doing so, it is important to: 
 

  • Be informative: noting what data is being collected, how it will be used, and what the risks (and benefits) may be 
  • Be clear: make sure that information is understandable, particularly considering cultural contexts; the simpler the language and the text itself, the better 
  • Clarify consent is voluntary: people have the option to provide information or remove consent for it at any time 
  • Document consent: proof of consent needs to be documented and stored 
  • Provide a contact: people reviewing the consent documentation need to have a person to contact with questions  

For this step, you should develop an informed consent form ensuring that all the elements noted above are considered. Clarity in communication itself can be a challenge, so it is recommended to pilot test the form with different audiences before its launch.

Consideration

When developing an approach to informed consent (typically a written form), having a regular review plan is useful for keeping it up to date, particularly if the use of PII has changed or cultural contexts need to be considered further.

‘So what’ & next steps  

Ensuring that PII is safely collected, stored, used, and deleted is an ongoing process that supports both your organization and the communities you serve. As data technologies and program needs evolve, you may need to revisit your PII processes again.

While you are considering the implications of collecting and using PII, we recommend learning more about data security through our guide on data breaches and human error. 
