An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Note: The information on this page is intended to inform the public of GSA's privacy policies and practices as they apply to GSA employees, contractors, and clients.
In the appendix of OMB M-10-23 (Guidance for Agency Use of Third-Party Website and Applications) the definition of PII was updated to include the following:
Personally Identifiable Information (PII)
The term “PII,” as defined in OMB Memorandum M-07-1616 refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available - in any medium and from any source - that, when combined with other available information, could be used to identify an individual.
CIO GSA Rules of Behavior for Handling Personally Identifiable Information (PII)
Date: 10/08/2019
Status: Validated
Outdated on: 10/08/2026
SUBJECT: GSA Rules of Behavior for Handling Personally Identifiable Information (PII)
Purpose: This directive provides GSA’s policy on how to properly handle PII and the consequences and corrective actions that will be taken if a breach occurs.