What's the difference between private, personally identifiable, and sensitive information?

Private information is confidential in some contexts.

Personally identifiable information (PII) identifies or can be used to identify, contact, or locate the person to whom the information pertains.

Some PII is sensitive.

A person's name isn't private. It's PII but not sensitive in most contexts. The names and work phone numbers of employees may be public knowledge within an enterprise, so they're PII but not sensitive. In some circumstances it's reasonable to protect such information.

Some data isn't PII but is sensitive, such as medical data, or information about a person's race, religion or sexual orientation. This information can't generally be used to identify a person, but is considered sensitive.

Some data isn't private or personal, but is sensitive. Salary ranges for grades or jobs may need to be protected from view by users in those ranges and only available to senior management.

Some data isn't private or sensitive except when associated with other data that isn't private or sensitive. For example, date or place of birth isn't a PII attribute because by itself it can't be used to uniquely identify an individual, but it's confidential and sensitive in conjunction with a person's name.