Personally Identifiable Information (PII)
OMB has defined the term Personally Identifiable Information (PII) as "any information about an
individual maintained by an agency, including, but not limited to, education, financial transactions,
medical history, and criminal or employment history and information which can be used to distinguish
or trace an individual's identity, such as their name, social security number, date and place of
birth, mother's maiden name, biometric records, etc., including any other personal information
which is linked or linkable to an individual."
Controlled Unclassified Information
A categorical designation that refers to unclassified information that does not meet the standards for
National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the
national interests of the United States or to the important interests of entities outside the federal
government, and (ii) under law or policy requires protection from unauthorized disclosure, special
handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation
CUI replaces Sensitive But Unclassified (SBU).
To alter a file using a secret code so as to be unintelligible to unauthorized parties.
OMB has defined a security breach as follows: "The term breach is used to include the loss of
control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or
any similar term referring to situations where persons other than authorized users and for an
authorized purpose have access or potential access to personally identifiable information in usable
form, whether physical or electronic."