Nonpublic personal information definition
Nonpublic personal information is any customer data that is not publicly available and could be used to identify or contact an individual. Nonpublic personal information includes such details as a person’s name, address, phone number, email address, Social Security number, financial records, and medical information.
Nonpublic personal information is stored by organizations like banks, insurance companies, and healthcare providers as part of their daily business. In many countries, the law requires organizations to adopt measures to safeguard nonpublic personal information to protect privacy and combat identity fraud.
See also: sensitive information, personally identifiable information, digital identity
Nonpublic personal information in the United States
In the United States, nonpublic personal information refers specifically to personally identifiable financial information kept by financial institutions that should not be disclosed to the public (unless the institution reasonably believes that the information has been lawfully made “publicly available”).
Nonpublic personal information in the US is governed by the Gramm-Leach-Bliley Act, which requires financial institutions to establish privacy policies and limit access to such data. To achieve this, organizations typically adopt strict guidelines to control how this information is stored and disposed of, and implement strong encryption and access controls.