Personally Identifiable Information (PII)

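Personally identifiable information (PII), or personal information, refers to data that corresponds to a single individual. PII may include a phone number, national identification number, email address, or any other data that can be used, on its own or in combination with other information, to contact, identify, or locate a person.

How to determine what is PII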

In response to businesses collecting and storing more and more individuals’ PII (also known as personal data), individuals and regulators have been applying greater scrutiny to how businesses use and safeguard that data. As a result, various jurisdictions have passed legislation to limit the use, distribution, and accessibility of PII, while allowing companies who need it to manage the data safely.

As PII (or personal data) is a legal concept rather than a technical concept, legislation around PII varies across different jurisdictions. The GDPR in the European Union, HIPAA and PCI in the United States, state laws like CalOPPA and other data breach laws, and other regulations control what defines PII. Which data is classified as PII may also differ by use case. For instance, depending on the jurisdiction or your use case, IP addresses may or may not be considered PII.

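How Twilio manages PII

Twilio treats the management of our customers' information as a matter of importance. We have software, configuration, processes, and data handling guidelines in place to keep your data safe. Within Twilio's systems, we manage data that may be PII differently.

  • Twilio is committed to being clear about which data in our systems is managed as PII, to help you ensure that your data is managed the right way for your jurisdiction and use case.
  • Twilio has a Data Protection Addendum that extends the details of our legal relationship with you, which helps clarify how Twilio manages data on your behalf.
  • European customers should read our Privacy Shield Statement. This document clarifies how your data is managed when some of it is sent from Europe. Note: Even if you are not a customer located in Europe, or are not using European phone numbers, the other party to a call may be a European residing in Europe.

Using Twilio's phone number redaction, message body redaction, and call recording encryption, you can remove or encrypt PII so that third parties cannot view this information.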

PII fields

Twilio manages fields marked PII in Twilio’s documentation as though they contain PII, also known as personal information or personal data. This means that Twilio implements technical and organizational security controls appropriate to the risk associated with that data. For example, data will not be visible to Twilio’s employees unless they are acting as a surrogate for you (e.g., debugging on your behalf) or have some other legitimate business need to access it. In addition, values are anonymized or removed when we need to hold on to information for statistical analysis, reporting, and capacity planning, none of which require the PII itself. Names, your end users’ phone numbers, or transcriptions of voice calls and chats are all examples of fields that Twilio treats as containing PII. Phone numbers that you rented from Twilio, whether a long code or short code, are managed differently from non-Twilio numbers because they are owned by Twilio.

Each Twilio field marked as PII is also marked with an MTL, a Minimum Time to Live. This is the number of days after creation that data will be stored in Twilio's systems for carrier reconciliation, tax management, or other business purposes that require us to hold the data. Outside of the MTL, deletions from a Twilio API will be applied immediately; however, it may take up to 30 days to delete from backups and other interconnected systems. For example, if a resource has an MTL of 90 days, and you delete it on day 1 after creation, information will be completely gone 91 days after creation, because of the MTL. If you delete it on day 90, it will be gone by day 120, taking 30 days. If you have special retention requirements, check with our support team or success manager for potential options.

PII management when you leave Twilio

When you leave Twilio, following a reasonable grace period to allow you to change your mind, all PII data is anonymized or removed from Twilio’s systems where possible within 30 days, except where the MTL is longer.
Please note that in addition to the MTL listed, we may also retain PII in connection with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse, or if required to do so in connection with legal matters such as litigation, law enforcement requests, or government investigations.

Fields marked “Not PII”

Fields marked with “Not PII” are stored in Twilio and may be used for counting or other operations as Twilio runs its systems. These fields generally cannot be redacted or removed.
In some instances, you might be able to control the data in these fields. You should take care not to place PII in fields with this designation. Twilio does not treat this data as PII, and its value may be visible to Twilio employees, stored long-term, and may continue to be stored after you’ve left Twilio’s platform.
If you think you need to put PII in these fields, please check with our support team to see if there’s a better way to manage your data.

Related topics

Read the resources below to learn more about data privacy at Twilio:
