What is Personally Identifiable Information?


An Educational Service of the American Library Association

Office for Information Technology Policy


Prepared by Leslie Harris & Associates www.lharris.com in conjunction with OITP staff  www.ala.org/oitp



At the heart of online privacy is the collection of "personally identifiable information."  The term "personally identifiable information" or "PII" includes any information that can be directly identified or linked to a specific individual, with or without his or her knowledge.  Personally identifiable information can be collected when library patrons engage in a variety of activities online, such as e-commerce.  It can also be collected by libraries themselves. 


Commercial web sites use PII to create personalized web pages and other features many users enjoy.  For example, when a library patron registers and sets up a newspaper home page, or registers for an online health newsletter, his or her preferences are PII.  Similarly, if a patron provides E-Bay with an e-mail based user ID, bank or credit card information, and a list of items the user is watching, the user is providing eBay with PII.  Cookies containing PII allow users to return to a web site without having to specifically log in every time they visit the web site. This convenience motivates users to provide PII by using it to create a more seamless and personalized Internet experience.  While the collection of some types of PII may result in no more than unwanted marketing, the collection of particularly sensitive data such as health or financial information can pose serious risks to privacy.


There are also circumstances under which libraries may choose to collect personally identifiable information from patrons.  For example, a library card with a patron's name is PII.  If a library requires users to login with a cardswipe or input of library card information, the user's web history may be personally identifiable - not only to the library, but possibly to online third parties who use certain types of data collection technologies, such as persistent cookies (which will be discussed in more detail in a future tutorial).  As we will discuss later, libraries can take active steps to erase web history between users and manage cookies.  A web-based survey of library users might also create PII, depending on how the information is collected.  In addition, a library website may collect considerable PII if it tracks the preferences of its users.


Librarians can help educate library patrons about how PII may be collected online and on how to protect their own privacy and confidentiality.  There are a number of good web sites listed below, which offer privacy tips for online consumers.  Libraries should also examine their own library practices to determine to what extent library web sites, computer networks, and data management systems collect personally identifiable information, and to take steps to limit that collection.


Further information:


ALA's Policy Concerning Confidentiality of Personally

Identifiable Information about Library Users:




Privacy Rights Clearinghouse, Privacy Survival Guide:



Direct Marketing Association:



The Center for Democracy & Technology:




Copyright 2002, American Library Association, Office for

Information Technology Policy




This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.