by Retric 2160 days ago
PII is more than just the classic SSN, name, and address etc. The IRS uses your last year's tax data when verifying your identity, for example. Your transaction history is PII as someone can correlate specific transactions to your identity.

It is personal data because it can be correlated to PII. It is not by itself PII. This is one of the most important differences between the US and EU regimes, regulating PII vs. all personal data.

It depends on context, but the US does recognize financial data as PII.

“Personally Identifiable Information (PII) The term “PII,” as defined in OMB Memorandum M-07-1616 refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available - in any medium and from any source - that, when combined with other available information, could be used to identify an individual.” https://www.gsa.gov/reference/gsa-privacy-program/rules-and-...