個人を特定できる情報 (PII = Personally Identifiable Information) または個人情報は、単一の個人に対応するデータを指します。 個人を特定できる情報としては電話番号、国民識別番号、メールアドレス、または個人に対してそれ単体、あるいは他の情報と組み合わせて連絡を取ったり、身元を特定したり、居所を割り出したりすることが可能なデータが考えられます。
In response to businesses collecting and storing more and more individuals’ PII (also known as personal data), individuals and regulators have been applying greater scrutiny to how businesses use and safeguard that data. As a result, various jurisdictions have passed legislation to limit the use, distribution, and accessibility of PII, while allowing companies who need it to manage the data safely.
As PII (or personal data) is a legal concept rather than a technical concept, legislation around PII varies across different jurisdictions. Global privacy laws like GDPR in the European Union, sectoral laws like HIPAA and PCI in the United States, state laws like CCPA, CPRA, CalOPPA, state and regional data breach laws, and other regulations control what defines PII. Which data is classified as PII may also differ by use case. For instance, depending on the jurisdiction or your use case, IP addresses may or may not be considered PII.
Twilioは弊社のお客様の情報の管理を重要なものとして位置付けています。 弊社内にはお客様のデータの安全を保つためのソフトウェア、構成、プロセス、そしてデータ管理に対するガイドラインがあります。 Twilioのシステム内においては、個人を特定できる情報に該当しうるデータを異なる方法で管理しています。
Twilio manages fields marked PII in Twilio’s documentation as though they contain PII, also known as personal information or personal data. This means that Twilio implements appropriate technical and organizational security controls as appropriate to the risk associated with that data. For example, data will not be visible to Twilio’s employees unless they are acting as a surrogate for you (e.g., debugging on your behalf) or have some other legitimate businesses need to access it. As well, values are anonymized or removed when we need to hold on to information for statistical analysis, reporting, and capacity planning - none of which require the PII itself. Names, your end users’ phone numbers, or transcriptions of voice calls and chats are all examples of fields that Twilio treats as containing PII. Phone numbers that you rented from Twilio, whether a long code or short code, because they are owned by Twilio, are managed differently from non-Twilio numbers.
Each Twilio field marked as PII is also marked with an MTL - a Minimum Time to Live. This is the number of days after creation that data will be stored in Twilio's systems for carrier reconciliation, tax management, or other business purpose that requires us to hold the data. Outside of the MTL, deletions from a Twilio API will be applied immediately, however it may take up to 30 days to delete from backups and other interconnected systems. For example, if a resource has MTL of 90 days, and you delete it on day 1 after creation, information will be completely gone 91 days after creation, because of the MTL. If you delete it on day 90, it will be gone by day 120, taking 30 days. If you have special retention requirements, check with our support team or success manager for potential options.
When you leave Twilio following a reasonable grace period to allow you to change your mind, all PII data is anonymized or removed from Twilio’s systems where possible within 30 days except where the MTL is longer.
Please note that in addition to the MTL listed, we may also retain PII in connection with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse, or if required to do so in connection with legal matters such as litigation, law enforcement requests, or government investigations.
Fields marked with “Not PII” are stored in Twilio and may be used for counting or other operations as Twilio runs its systems. These fields generally cannot be redacted or removed.
In some instances, you might be able to control the data in these fields. You should take care not to place PII in fields with this designation. Twilio does not treat this data as PII, and its value may be visible to Twilio employees, stored long-term, and may continue to be stored after you’ve left Twilio’s platform.
If you think you need to put PII in these fields, please check with our support team to see if there’s a better way to manage your data.