Personally Identifiable Information

Projects that collect data on individuals are gathering Personally Identifiable Information (PII). If your project involves PII, you must determine how sensitive the data is, whether you need to fill out a Privacy Impact Assessment, how to host the PII, and how to prepare PII for release. PII is often collected for customer surveys or usability testing.

If you want to collect any PII for an EERE project, you must talk to the Web Governance Team before starting work.

What is Personally Identifiable Information?

The U.S. Department of Energy defines PII as:

Any information collected or maintained by the Department about an individual, including but not limited to, education, financial transactions, medical history and criminal or employment history, and information that can be used to distinguish or trace an individual's identity, such as his/her name, Social Security number, date and place of birth, mother's maiden name, biometric data, and including any other personal information that is linked or linkable to a specific individual.

Any personal information you collect may be PII. Even email addresses may be PII if they include a person's full name.

Determining the Sensitivity Level of Your Data

PII becomes more sensitive based on how much harm, embarrassment, or inconvenience it will cause to an individual or an organization if that information is lost, compromised, or disclosed.

Determining how sensitive a collection is can be very subjective. It depends on many factors, such as what information you're collecting, what information is associated with each other, and how it will be used. In general, the more information that's associated with an individual, the more sensitive that PII becomes. Because of this, you should always collect as little PII as necessary.

To get an idea of how sensitive your collection may be:

  • Write down the questions you want to ask in your survey or usability test.
  • Consider the questions as a whole. How much information about each person will you collect? How much harm would it do if it was released? What will do you with the PII that you collect? Do you need it all for your project to be successful?

EERE forbids the collection of high-sensitivity PII on its websites. Your PII is of "high" sensitivity when one of two things happens:

  • You ask for information that would have a severe or catastrophic effect on an individual if it was released, such as social security numbers or biometric identifiers (such as fingerprints.)
  • You ask many questions that, taken as a whole, create a complete and in-depth profile of an individual.

The Privacy Impact Assessment Form

If you need to collect PII for your project, you must go to the Web Governance Team (WGT) meeting. Send the WGT your project plan, including what information you want to collect, how you will collect it, and where it will be stored.

The WGT will tell you if you need to fill out a Privacy Impact Assessment or not. If you need to, fill out the Privacy Impact Assessment (PIA) and send it to the WGT.

Hosting and Storing Personally Identifiable Information

All PII must be stored on U.S. Department of Energy computers. This means:

  • If you want to use a 3rd-party website to collect PII, you must use one of EERE's approved software tools for user-centered design projects or event registration systems.
  • Databases that collect PII must be hosted on the EERE Centralized Web Hosting Environment or on another server that meets EERE's security requirements for hosting applications.
  • Files (such as Excel or Word files) that include PII should be stored on DOE computers, not on flash drives or mobile devices.
  • Files that include PII cannot be posted publicly until the PII has been removed.
  • Dispose of PII when you no longer need it.

If you have questions about what information you can collect and where you can store it, contact the Web Governance Team and attend a meeting.

Preparing Data for Analysis or Release

If you can analyze your data with all of the PII removed, then do so. Remove the PII by replacing it with anonymous data that is unassociated with an individual, like ID numbers or aliases. Store this anonymized data on your computer and delete all of the PII.

No information can be posted publicly or released outside of the Department of Energy until all PII has been removed.