With a complicated patchwork of state breach notification laws across the U.S., navigating the compliance landscape can be a tall task, prompting privacy lawyer Annie C. Bai, CIPP/US, to ask, “Can you believe how many different state laws we privacy pros need to reference just to determine what is PII (personally identifiable information)?” Bai notes that the definition of PII “is important because it is a trigger for breach notification requirements in 48 U.S. jurisdictions,” including Washington D.C. and Puerto Rico. “Thankfully, the spirit of Halloween has bestowed upon me some inspiration in my search for broader understanding of these definitions,” Bai writes. This Privacy Perspectives post looks at Bai’s seven PII archetypes to help better understand this complicated ecosystem. Editor’s Note: For more information, see Mintz Levin’s comprehensive chart of state breach notification laws in the IAPP Resource Center.
If you want to comment on this post, you need to login.