What Is Personally Identifiable Information (PII)?

Nowadays, vast amounts of personal data are collected, stored, and processed by various organizations, so proper management and protection of PII are vital to safeguarding privacy and preventing identity theft, fraud, and other malicious activities.

Understanding Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is any information that can be linked to a specific individual and allows for their identification. This data can be as straightforward as a person’s full name or as sensitive as their Social Security number. Examples of PII include:

• Full name
• Social security number
• Date of birth
• Home address
• Phone number
• Email address
• Passport number
• Driver’s license number

The current reliance on information technology has led to an exponential increase in the sharing and collection of PII. Organizations gather PII to better understand their markets and enhance their products and services. For instance, companies collect customer data to deliver personalized experiences, like relevant search results in navigation apps or tailored product recommendations in online stores.

Direct vs. Indirect Identifiers

PII is classified into two categories: direct identifiers and indirect identifiers.

Direct identifiers are unique pieces of information that can directly and unmistakably identify an individual. Examples include:

• Passport number
• Driver’s license number
• Social Security number
• Full name

A single direct identifier is usually sufficient to pinpoint someone’s identity without any additional information.

Indirect identifiers, on the other hand, are pieces of information that, by themselves, do not uniquely identify an individual. These include:

• Race
• Place of birth
• Gender
• ZIP code
• Date of birth

While each indirect identifier alone might not reveal someone’s identity, a combination of them can.

Sensitive PII vs. Non-sensitive PII

Personally identifiable information (PII) can be either sensitive or nonsensitive.

Sensitive PII

Sensitive PII includes information that, if disclosed, could cause significant harm to an individual. This type of PII includes legal identifiers and highly personal information such as a full name, Social Security Number (SSN), driver’s license number, mailing address, credit card information, passport details, financial information, and medical records. These pieces of information are critical to an individual’s identity and privacy, and their exposure could lead to identity theft, financial loss, and other serious consequences.

Companies that handle sensitive PII often use anonymization techniques to protect this data. These methods encrypt the information, ensuring it is received in a form that is not personally identifiable. For instance, healthcare providers often need to share patient data for research purposes. When sharing this information, they anonymize sensitive PII such as patient names, Social Security numbers, and medical record numbers. This allows researchers to access necessary health information without compromising patient privacy.

Non-sensitive PII

Non-sensitive PII refers to information that is easily accessible from public sources such as phone books, the internet, and corporate directories. This includes data like ZIP code, race, gender, date of birth, place of birth, and religion. These pieces of information, known as quasi-identifiers, can be released to the public without immediate risk of identifying an individual.

However, while non-sensitive PII is not inherently delicate, it is linkable: when combined with other personal linkable information, non-sensitive data can reveal an individual’s identity. Techniques like de-anonymization and re-identification are often successful when multiple sets of quasi-identifiers are pieced together, distinguishing one person from another. So, even nonsensitive information must be cautiously managed to prevent unintended identification.

How PII is Stolen

Despite best efforts to protect personally identifiable information (PII), cybercriminals continually devise new methods to steal it. Let’s go over some of them:

1. Phishing attacks. Phishing is a common method where attackers send fraudulent emails or messages pretending to be from legitimate sources. These messages often contain links to fake websites designed to steal login credentials, financial information, or other sensitive data.
2. Data breaches. Large-scale data breaches occur when hackers infiltrate a company’s network and access sensitive information. High-profile breaches at major corporations have exposed millions of people’s PII, including Social Security numbers, credit card information, and medical records.
3. Skimming devices. Criminals use skimming devices to capture information from credit and debit cards. These devices can be attached to ATMs, gas station pumps, or point-of-sale terminals. When you swipe your card, the skimmer reads and stores your card details, which thieves later retrieve.
4. Malware and spyware. Malware, including spyware, is malicious software installed on your computer or mobile device without your knowledge. It can capture keystrokes, steal login credentials, and access sensitive information stored on your device.
5. Dumpster diving. Identity thieves often rummage through trash bins looking for discarded documents containing PII. Bank statements, credit card offers, medical bills, and other papers can be used to piece together your identity.
6. Social engineering. Social engineering involves manipulating individuals into divulging confidential information. Cybercriminals may pose as trusted figures to trick you into revealing passwords, account numbers, or other sensitive data.
7. Public Wi-Fi networks. Using public Wi-Fi networks can expose your data to interception. Hackers can set up fake Wi-Fi hotspots or use software to eavesdrop on your internet activity, capturing login details, credit card numbers, and other sensitive information.
8. Lost or stolen devices. Losing your phone, laptop, or other device can result in the theft of any PII stored on it. If the device is not protected with a strong password or encryption, thieves can easily access your personal information.

It’s important to be aware of these common methods and take precautions to protect your PII.

Tips on Protecting PII

Protecting your personally identifiable information (PII) is crucial, even though it’s impossible to eliminate all risks. You can significantly reduce the chances of your PII being stolen if you take the right steps. Here are some practical tips to help you keep your information safe:

• Secure your mail. A locked mailbox or P.O. box can prevent thieves from stealing your mail. Additionally, shred any personal information on junk mail or documents before discarding them to make it harder for identity thieves to associate a name with an address.
• Limit the PII you carry. Avoid carrying unnecessary PII with you. For example, there’s no need to keep your Social Security card in your wallet. Only carry essential identification to minimize the risk if your wallet is lost or stolen.
• Use strong, unique passwords. Data leaks are a common source of identity theft. To protect your online accounts, use different, complex passwords for each one and update them regularly. 
• Encrypt important data. Always encrypt sensitive information stored on your devices to add an extra layer of security, making it more difficult for cybercriminals to access your data if your device is lost or stolen.
• Password-protect devices. Ensure all your phones, computers, and other devices are secured with strong passwords. This helps prevent unauthorized access to your personal information if your devices are compromised.
• Be cautious when disposing of electronics. Before selling or donating a computer, reformat the hard drive to erase all data to ensure that your personal information is not accessible to the next user.

These measures can make you a less attractive target for identity thieves and better protect your PII.

Summary

• PII includes any data that can uniquely identify an individual, such as names, Social Security numbers, addresses, phone numbers, and email addresses.
• Common examples of PII are full names, birth dates, passport numbers, and driver’s license numbers.
• PII can be stolen through phishing attacks, data breaches, skimming devices, malware, and social engineering.
• Protect your PII by using strong, unique passwords, encrypting sensitive data, securing your mail, and limiting the PII you carry.