PII

Personally identifiable information: any data that can identify a specific person. Names, emails, phone numbers, addresses, Social Security numbers, customer records, employee files. The category of data you have to be most careful about putting into AI.

What it is

PII is the privacy world's term for "data tied to a real human." Some of it is obvious (a Social Security number). Some is sneakier: a name plus a company plus a title can identify someone just as surely. Regulated versions exist too, like protected health information or payment-card data, which carry their own legal rules on top.

Why CEOs care

Because PII is exactly the data your team is most tempted to paste into a chatbot, and the data you can least afford to leak. A customer list, a candidate's resume, an employee complaint: all PII. On a consumer AI plan that retains and trains on chats by default, pasting PII is how a private record quietly becomes training data. On a business plan with training off, it is far safer. The plan, not the tool, is what decides.

Where you'll see it

In every decision about what is safe to put into AI, and in the "red" tier of the green-yellow-red rule: PII only goes into a business plan with training off, never into a personal account.

Example

A founder pastes 200 customer emails into a free ChatGPT account to draft a campaign. That is 200 pieces of PII handed to a consumer tier. The same task on a business plan, or with the names stripped first, carries a fraction of the risk.

Related

• zero-data-retention
• dpa
• shadow-ai