Regulated PII Based on Application Type or Hosting Agreement

B.

Contractual PII has specific requirements for the handling of sensitive and personal information, as defined at a contractual level.

These specific requirements will typically document the required handling procedures and policies to deal with PII.

They may be in specific security controls and configurations, required policies or procedures, or limitations on who may gain authorized access to data and systems.

The correct answer is B. Contractual.

Personally Identifiable Information (PII) is any information that can be used to identify an individual. The regulation of PII is critical, and different types of PII are regulated differently.

When an organization uses a cloud service provider to host their application or data, they enter into a hosting agreement that outlines the terms and conditions for the use of the service. The agreement often includes provisions that regulate the use and handling of PII.

The type of PII that is regulated depends on the specific hosting agreement between the organization and the cloud service provider. The agreement may specify the types of PII that are subject to regulation or may be based on the type of application being hosted. For example, health information may be subject to more stringent regulations than other types of PII.

Therefore, the regulation of PII is based on the conditions outlined in the hosting agreement, which is a contractual agreement between the organization and the cloud service provider.