OpenPIIMap: Mapping Sensitive Data Definitions Globally

Understand and track PII/PHI across jurisdictions like GDPR, HIPAA, and more.

How OpenPIIMap Works

Structured, machine-readable definitions of PII and PHI across countries — accessible to both developers and compliance teams.

Mapped by Country & Law

Every YAML file corresponds to a specific jurisdiction (e.g. Germany under GDPR) with citations and tags.

Developer-Friendly YAML

Definitions use a structured schema with `type`, `required_masking`, `citations`, and category tags.

Open on GitHub

All definitions are public, version-controlled, and easy to contribute. Pull requests and issues welcome!

Why OpenPIIMap Matters

Privacy laws vary by region. OpenPIIMap brings consistency, clarity, and automation to sensitive data handling across borders.

Compliance Clarity

Know exactly what qualifies as PII or PHI in each country and law.

Cross-Border Coverage

Harmonize privacy logic across GDPR, HIPAA, CPRA, and more.

AI & Automation Ready

Use YAML definitions in your anonymizers, validators, or ML workflows.

Community-Driven

Built and maintained by privacy engineers, legal experts, and open-source contributors.

GDPR – Europe

Defines personal data as any information relating to an identified or identifiable person. Includes strict rules for consent, access, and erasure.

HIPAA – United States

Focuses on protecting health data (PHI). Defines 18 identifiers and mandates anonymization or expert determination for compliance.

CPRA – California

Expands CCPA by defining sensitive personal information (SPI), adding rights to limit data use, and requiring data minimization.

DPDPB – India

India’s new Digital Personal Data Protection Bill introduces consent-based processing, cross-border controls, and privacy-by-design principles.

LGPD – Brazil

Defines personal data broadly and includes legal bases for processing, data subject rights, and a national enforcement authority (ANPD).

PIPEDA – Canada

Applies to private-sector organizations. Requires meaningful consent and safeguards for identifiable information in commercial activity.