---
name: pii-handling
description: >
  Rules for handling personally identifiable information. Use whenever code reads,
  stores, logs, transmits, or redacts user data (names, emails, PAN, SSN, etc.).
---

# PII Handling

## Core rules
- Minimize: don't collect or persist PII you don't need.
- Never log raw PII. Redact at the boundary (see references/redaction-rules.md).
- Encrypt in transit (TLS) and at rest; encryption keys come from the vault, never from source or config.

## Redaction quick reference
- PAN: keep first 6 + last 4, mask the rest.
- CVV: never store (and never log).
- SSN: mask all but last 4.
- A field not yet classified defaults to NOT logged until reviewed (default deny).
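Worked example of the two rules above combined, "redact at the boundary" and "unclassified means not logged": a classification table drives a redactor, and a `logging.Filter` attached to the handler applies it to structured fields before any sink sees them. This is an added illustration, not code from this repository; the field names, the table contents, the `PIIRedactingFilter` name and the sample event are assumptions for the example. The authoritative table is references/redaction-rules.md.

```python
import logging
import re
from typing import Any, Callable, Optional

# Field-classification table for this example only. Field names and their
# handling are ASSUMED for illustration; the authoritative field-by-field table
# is references/redaction-rules.md, not this dict.
# A handler returns the value to log, or None to drop the field entirely.
Redactor = Callable[[str], Optional[str]]


def mask_pan(value: str) -> str:
    """PAN: keep first 6 + last 4, mask everything in between."""
    digits = re.sub(r"\D", "", value)
    if not 13 <= len(digits) <= 19:
        # Not a plausible card-number length: don't emit a partial value.
        return "[REDACTED]"
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def mask_ssn(value: str) -> str:
    """SSN: mask all but last 4."""
    digits = re.sub(r"\D", "", value)
    if len(digits) != 9:
        return "[REDACTED]"
    return "***-**-" + digits[-4:]


def drop(_value: str) -> None:
    """CVV: never stored, never logged; the field is removed outright."""
    return None


def full_redact(_value: str) -> str:
    return "[REDACTED]"


def passthrough(value: str) -> str:
    return value


REDACTORS: dict[str, Redactor] = {
    "pan": mask_pan,
    "card_number": mask_pan,
    "cvv": drop,
    "ssn": mask_ssn,
    "email": full_redact,
    "name": full_redact,
    # Reviewed as non-PII: safe to log as-is.
    "request_id": passthrough,
    "status": passthrough,
}


def redact(fields: dict[str, Any]) -> dict[str, Any]:
    """Apply the classification table; unclassified fields are NOT logged."""
    out: dict[str, Any] = {}
    for key, value in fields.items():
        handler = REDACTORS.get(key.lower())
        if handler is None:
            continue  # default deny until the field is reviewed and classified
        masked = handler(str(value))
        if masked is not None:
            out[key] = masked
    return out


class PIIRedactingFilter(logging.Filter):
    """Boundary filter: scrubs structured fields passed as extra={"fields": {...}}.

    Attach it to every handler so nothing reaches a sink unredacted. Only the
    structured `fields` dict is covered; PII must not be interpolated into the
    free-text message in the first place.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        fields = getattr(record, "fields", None)
        record.fields = redact(fields) if isinstance(fields, dict) else {}
        return True  # never suppress the event, only scrub it


def main() -> None:
    handler = logging.StreamHandler()
    handler.addFilter(PIIRedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s %(fields)s"))
    log = logging.getLogger("checkout")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.propagate = False
    # Constructed sample event, not real customer data.
    log.info("payment attempted", extra={"fields": {
        "request_id": "req-42",
        "pan": "4111 1111 1111 1111",
        "cvv": "123",
        "ssn": "123-45-6789",
        "email": "user@example.com",
        "loyalty_tier": "gold",  # unclassified -> dropped
    }})


if __name__ == "__main__":
    main()
```

The filter is deliberately attached to the handler rather than to a single logger, so records from any logger in the process are scrubbed at the point they leave it. Note the two failure modes the masks handle: an implausible PAN or SSN length yields a full `[REDACTED]` rather than a partial value, and an unclassified field is silently dropped instead of being logged "just in case".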

## Access
- Every PII access must be authorized and audited (see the `regulatory-logging` skill).
- No PII in analytics events, URLs, or error payloads.

Put the full field-by-field table in references/redaction-rules.md (tier-3),
not in this body.
