Kevin G. Coleman in his article “The Intersection of Privacy, Confidentiality and Personal Data Protection“ raises that question. He goes on to list a variety of data types not necessarily considered PII.
Quoting Mr. Coleman, he lists:
Employment records;
Military ID and record;
Driver’s license numbers;
Protected health information;
Confidential resume information;
Educational information and records;
Garnishments, tax levies, wage assignments;
Digital signatures (ink signatures that have been digitized);
Beneficiaries, retirement account allocations and investments;
General personal information such as date of birth and mother’s maiden name, etc.;
Unique biometric data, including fingerprint, voice print, retina or iris image or any other unique physical representation;
Passwords, security codes, access codes, biometric codes, personal identification numbers, and other unique account identifiers;
Proprietary computer applications or source code to which someone or organization holds a license that restricts further or public distribution;
Trade secrets or other proprietary business information owned by a third party and provided and protected under the promise of confidentiality; and
Research, testing, or training done for financial benefit or in connection with a potential investment or development or transfer of technology.
The action item here is that we all need to examine the data entrusted to our care, and protect the privacy of other individuals data as we would our own. If we don’t, we may pay the legal consequences.
Like this:
Like Loading...
Related
USA Privacy Research 
but this list is classed as sensitive data and as thus should be protected by law in the U.S, shouldn’t it?
Posts like this brighten up my day. Thanks for tankig the time.