Privacy Risk Management
Privacy risk is the potential loss of control over personal information. Personally identifiable information, or PII, is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." So, for example, a user's IP address is not classified as PII on its own, but is considered linked PII. (NIST Special Publication 800-122).