This is the starting point for Alex Jackl's recommendation for PII data elements for CCC, based on the NIST recommended PII data elements.
Level 1 Elements are considered by NIST to be the most sensitive. NIST lists Level 2 Elements as those that must be used with caution because, when used in conjunction with other elements, they may constitute a breach of privacy.
Level 3 Elements are those that are present in the CCC ecosystem but are not directly called out in the NIST standard.
Element | NIST Level | Obfuscated? | Encrypted? | Aggregate Only? | Notes |
---|---|---|---|---|---|
Full name (if not common) | 1 | Y | N | N | |
Face (photograph) | 1 | Y | N | N/A | |
Home address | 1 | Y | N | N | |
Email address | 1 | Y | N | N | |
National identification number/SSN | 1 | Y | Y | N/A | |
Passport number | 1 | Y | Y | N/A | |
Vehicle registration plate number | 1 | Y | Y | N/A | |
Driver's license number | 1 | Y | Y | N/A | |
Fingerprints | 1 | Y | Y | N/A | |
Handwriting capture | 1 | Y | N | N/A | |
Credit card numbers | 1 | Y | Y | N/A | |
Digital identity | 1 | Y | Y | N/A | |
Date of birth | 1 | N | N | N | If linked to other Class 1 Elements this must also be obfuscated |
Birthplace | 1 | N | N | N | If linked to other Class 1 Elements this must also be obfuscated |
Genetic information | 1 | Y | Y | N/A | |
Telephone number | 1 | Y | Y | N/A | Aggregating by Area Code is acceptable |
Login name | 1 | Y | Y | N/A | |
Screen name | 1 | Y | Y | N/A | |
Nickname or handle | 1 | Y | Y | N/A | |
First or last name individually, if common | 2 | N | N | N | |
Country, state, postcode or city of residence | 2 | N | N | N | |
Age | 2 | N | N | N | |
Gender | 2 | N | N | N | |
Race | 2 | Y | N | Y | |
Name of school or workplace | 2 | N | N | N | |
Grades | 2 | N | N | Y | Must be obfuscated if connected to Level 1 Elements in a public report |
Salary | 2 | Y | Y | Y | |
Job Position | 2 | N | N | N | |
Criminal Record data | 2 | Y | Y | Y | |
Web cookie | 2 | Y | N | N/A | |
Sexual Orientation | 3 | Y | Y | N | |
CCCID | 3 | N | N | Y | |

Class 1 Elements: Obfuscated in open reports, except for Date of Birth as noted

- Full name (if not common)
- Face (photograph)
- Home address
- Email address
- National identification number/SSN (encrypted)
- Passport number
- Vehicle registration plate number
- Driver's license number
- Fingerprints
- Handwriting capture
- Credit card numbers
- Digital identity
- Date of birth (if linked to any other Class 1 element, otherwise allowed)
- Birthplace
- Genetic information
- Telephone number
- Login name, screen name, nickname, or handle

Class 2 Elements:

- First or last name individually, if common
- Country, state, postcode or city of residence
- Age
- Gender
- Race (if not linked to class 1 data)
- Name of the school they attend or workplace
- Grades
- Salary
- Job position
- Criminal record (if not linked to class 1 data)
- Web cookie

Class 3 Elements (CCC elements not covered by NIST):

- Sexual Orientation (obfuscated and encrypted)
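
The conditional rules in the table (Date of birth, Birthplace and Grades must be obfuscated once they are linked to Level 1 elements) are the ones a static per-column lookup gets wrong. The sketch below is an added example, not CCC code. It assumes that "linked" means another Level 1 element is present in the same source record and that obfuscation means replacing the value with a fixed mask. The field names are hypothetical and only a subset of the table is transcribed.

```python
# Added example. POLICY transcribes a subset of the table above; the field
# names, the mask and the meaning of "linked" are assumptions.
MASK = "[REDACTED]"

# element -> (NIST level, obfuscated in open reports by default?)
POLICY = {
    "full_name": (1, True),
    "home_address": (1, True),
    "email_address": (1, True),
    "telephone_number": (1, True),
    "date_of_birth": (1, False),
    "birthplace": (1, False),
    "age": (2, False),
    "gender": (2, False),
    "grades": (2, False),
    "salary": (2, True),
}
# Open by default, but must be obfuscated when linked to Level 1 elements.
CONDITIONAL = {"date_of_birth", "birthplace", "grades"}


def redact_for_open_report(record):
    """Return a copy of `record` with the table's obfuscation rules applied."""
    unknown = set(record) - set(POLICY)
    if unknown:
        # Fail closed: an unclassified element must never pass through.
        raise ValueError(f"unclassified elements: {sorted(unknown)}")
    out = {}
    for name, value in record.items():
        _level, obfuscate = POLICY[name]
        if name in CONDITIONAL:
            # Linked = some *other* Level 1 element sits in the same record.
            obfuscate = any(POLICY[other][0] == 1
                            for other in record if other != name)
        out[name] = MASK if obfuscate else value
    return out


if __name__ == "__main__":
    # Constructed sample record, not real data.
    sample = {"full_name": "Pat Example", "date_of_birth": "2001-02-03",
              "grades": "A", "age": 22}
    print(redact_for_open_report(sample))
```

The decision is made on the source record, so a date of birth stays masked even though the name beside it is also masked in the output.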