Personally identifiable information (PII) is data which may potentially identify a specific individual, for example, if a web site includes a full name or e-mail address in the URL, this information may be passed to advertisers as for the most part the URL where a request came from is shared as a referrer, or explicit value to log where an impression was served.
For the most part PII violations are not serious, they could flag something as simple as including an '@' in the URL, however, it's best to avoid them wherever possible, and take into account what could be detected as PII.
You may receive a notice from your yield manager regarding PII violations on your domains, it is imperative that any violations are quickly resolved in order to avoid disabling demand to protect user information.
Avoid including any email addresses in URLs on your site, for example, if a user john.doe@awesomesite.com logs in, do not include this in the domain like http://awesomesite.com/user/john.doe@awesomesite.com.
Additional things to avoid are:
Avoid sending PII to any ad server targeting key-values as these may be flagged as a violation.
Google Analytics - Best practices to avoid sending Personally Identifiable Information (PII)
Google AdSense - Best practices to avoid sending Personally Identifiable Information (PII)
AdManager - Understanding PII in Google's contracts and policies