PII (personally identifiable information)
PII (personally identifiable information) is any data that can identify a specific person — a term borrowed from U.S. usage that maps closely to Canada’s “personal information.”
PII is common industry shorthand, especially in security and tech circles, for data that identifies an individual. Canadian law does not actually use the phrase — PIPEDA and Law 25 say *personal information* / *renseignements personnels* — and the Canadian definition is broader, since it captures anything about an *identifiable* person, not just classic identifiers.
Practitioners often split PII into direct identifiers (name, SIN, passport number) and indirect identifiers (postal code, birth date, device fingerprint) that become identifying when combined. Treat both as personal information under Canadian law.
Finding and classifying PII across documents and databases is the practical first step in most privacy programs. Tools such as Shielk (shielk.com) detect 421+ Canadian PII types — including SIN, health-card, and provincial ID formats — to help organizations locate what they hold before they can protect it.