To the best of my knowledge, no current state or federal regulation specifically lists passport numbers as personally identifiable information (PII) for businesses. However, as part of FISMA (the Federal Information Security Management Act of 2002), which affects federal agencies (and, by various state laws, many state agencies as well), NIST has released a draft publication, SP800-122, which is the Guide to Protecting the Confidentiality...
of Personally Identifiable Information, which does specifically list passport numbers as PII.
Additionally, the Office of Management and Budget recently released the OMB M-07-16, which requires agencies to implement a breach notification process for the loss of personal information. For the purposed of M-07-16, OMB defined PII as such: "The term 'personally identifiable information' refers to information that can be used to distinguish or trace an individual's identity, such as their name, Social Security number, biometric records, etc. alone, or when combined with other personal or identifying information, which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."
It seems pretty clear that this would include passport numbers as well. The OMB memorandum also references the Privacy Act of 1974, which itself requires that the government maintain control over assorted PII, which should also include passport numbers.
For more information:
Related Q&A from David Mortman, Contributor
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.