CERTIFIED-IN-CYBERSECURITY Question #488: Real Exam Question with Answer & Explanation

Question

What can be considered as Personally Identifiable Information (PII)?

Options

• AAny data about an individual that could be used to direct or indirect identify them
• BAggregated information about a sensible group
• CData that, if improperly handled, would harm an organization or individual
• DTrade secrets, research, business plans and intellectual property

Explanation

Personally Identifiable Information (PII) is any data about an individual that could be used to directly or indirectly identify that individual (see the ISC2 Study Guide, Chapter 1, Module 1). PII includes information such as an individual's name, e-mail address, physical address, telephone number, or social security number. For example, in an e-commerce transaction, a customer's credit card number, billing address, and e-mail address are all considered PII because they can be used to identify the individual. The other options do not precisely define PII. Trade secrets, research, business plans, and intellectual property are types of sensitive business information that are not PII. They are valuable to an organization but do not directly identify an individual. Aggregated information about a sensitive group is not PII because it does not contain specific details that can identify an individual. It's a collection of anonymized data used for statistical analysis. Finally, data that would cause harm to an organization or individual if mishandled could include a variety of data types, not just PII (for example, it could include proprietary business information that is not considered PII).

No community discussion yet for this question.