Data such as first/last name, phone number, address, and patient identifiers that can identify a real person and therefore carry compliance requirements (HIPAA, GDPR, etc.). In the talk's case study, the inherited database was full of PII, and the prior vendor had treated it like any other data. PII also blocks uniqueness validation during scraping, because identity can't be asserted until the user provides consent.