Information assets that contain personal details of people are classified as private or personal data. In other words, disclosure of personal data to third parties without the consent of the data owner is a breach of privacy requirements of such assets. The data owner is the individual associated with that data. The contents of data that can uniquely identify a person or group of persons is called Personally Identifiable Information (PII). There are legal and regulatory requirements that pertain to the collection, storage, transmission, disclosure, retention, and destruction of personal information. References and online links to such requirements are provided in Chapter 5, Day 5 – Exam Cram and Practice Questions, of this book.