What is Personally Identifiable Information? PII Definition + Examples

Identity theft is one of the most rampant cyber crimes in the world. Identity theft statistics show that 889 million data breaches occurred in 2021, affecting over 150 million people. 

Data gets stolen mainly because of the careless use of PII or Personally Identifiable Information. 

Your PII needs protecting. In this article, learn the definition and examples of PII and how to boost your information security to guard yourself against cyberattacks.

What is PII?

Personally Identifiable Information (PII) is any information that determines an individual’s identity directly or indirectly. 

PII includes a person’s full name, phone number, or social security number. These information pieces are also considered Direct Identifiers as they identify anyone with no supplementary information. 

On the other hand, ethnicity, age, and race are called Indirect Identifiers because they can only be linked to a person with the help of more identifiers. 

Uses of PII

PII is used to identify and locate users. It also leverages enterprises in classifying which data should be stored, processed, or managed for their gains. Since it uniquely distinguishes consumers from one another, businesses employ it to develop or improve services, products, and ads.

PII collection has grown over the past decades. Although storing personal information has helped enterprises, it has also invited cybercrimes. 

PII attracts many cyberattacks. Hackers are known to cause data breaches and steal PII. They tend to hold them captive through deviant ransomware or sell stolen PII on the dark web. 

The latest statistics revealed that 15 million Americans had their IDs stolen in 2021 alone. Moreover, 75% of companies have admitted to dealing with data breaches, causing significant disruptions to their businesses.

Sensitive PII vs. Non-sensitive PII

Experts divide PII into two groups: Sensitive and Non-sensitive. Identity thieves usually steal Sensitive PII because it gives them access to a person’s properties and finances. 

Sensitive PII has to be transmitted and stored with encryption, something that Non-Sensitive PII can go without. 

Sensitive PII 

Sensitive PII is information that could cause significant harm to a person if it’s lost, stolen, compromised, or disclosed without authorization.

Examples of Sensitive PII are:

• Full name
• Mother’s maiden name
• Biometrics like DNA or fingerprints 
• Email address
• Personal or home phone number
• Social security number (SSN)
• Passport code or number
• Driver’s license
• Credit card information
• Debit card information
• Other financial or bank information
• Medical records
• Criminal records

Non-sensitive PII

Indirect or Non-sensitive PII can be accessed from public sources like the Internet, phonebooks, and corporate directories. 

Non-sensitive PII is still linkable information that can reveal a person’s true identity. If combined with the other PII type, Non-sensitive PII becomes sensitive. 

Indirect PII can be:

• Work phone number
• Work email address
• Workplace
• Gender
• Zip code
• Date of birth
• Place of birth
• Religion
• Race

Examples of PII

The internet stores a lot of identifiable information about you. Below is a list of extensive identifiers to help you familiarize and safeguard your PII:

• Name:
• full name
• maiden name
• mother’s maiden name
• alias
• Birth information:
• Date of birth
• Place of birth
• Geographical indicators:
• Mailing or street address
• Zip code
• Contact information:
• Personal phone numbers
• Personal email addresses
• Personal characteristics:
• Gender
• Religion
• Race
• Handwriting
• Photographic IDs or images of your face
• Biometrics:
• Fingerprint
• Facial geometry
• Retina scan
• Voice signature
• Government identification numbers: 
• Social Security Number (SSN)
• Passport number
• Taxpayer identification number
• Driver’s license number
• Other Government-issued ID numbers
• Financial information:
• Bank account numbers
• Credit card numbers
• Debit card numbers
• Information that identifies properties owned: 
• VINs
• Title numbers
• Asset information:
• Internet Protocol (IP)
• Media Access Control (MAC)
• Occupational or employment information:
• Professional license number
• Place of work
• Employee ID number
• Workplace address
• Business or workplace phone number
• Business or Workplace email address
• Medical records and patient identification numbers
• Educational records
• Criminal records

Laws Surrounding PII

There are several ways to protect your digital footprint. However, one of the best is to familiarize the regulations to prevent nefarious people and organizations from stealing and misusing your PII.

Several laws in the world mention PII, including the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Not complying with these PII laws can lead to fines and litigation.

Federal Privacy Regulations in the US

Instead of having just one unified PII law, the US has a few federal laws that state how to handle an individual’s data. 

The country also has a governing body that prosecutes illegal PII collection and use.

• The Privacy Act of 1974 protects people against the invasion of privacy by federal agencies and institutions that work with them.
• The California Privacy Act (CCPA) explains a person’s right to know the information that a business collects from them and how it’s used and shared.
• The Health Insurance Portability and Accountability Act (HIPAA) exacts how healthcare organizations should gather and protect patient PII and other medical records. 
• The Children's Online Privacy Protection Act (COPPA) watches over how companies gather and save information from 13-year-old children and younger.
• The Gramm-Leach-Bliley Act (GLBA) compels institutions that sell financial products or services like insurance, financial or investment advice, or loans to explain their information-gathering and sharing practices to clients.
• The Fair Credit Reporting Act (FCRA) watches over consumers' credit information and access to credit reports.
• The Federal Trade Commission Act (FTCA) has investigative, law enforcement, and rulemaking authority on companies that have deceptive schemes in using PII.

International Privacy Regulations

About 71% of all countries have legislation to protect their citizens’ privacy. These laws focus on collecting, using, and sharing private information without giving notice or consent from consumers. 

• In Europe, the EU's General Data Protection Regulation (GDPR) guides and regulates how companies worldwide handle customer personal information.
• Australia has the 1988 Privacy Act to protect citizens from the invasion of privacy by companies and government agencies.
• The Indian Digital Personal Data Protection Bill of 2022 proposed revising the 2018 version. It would require bodies to get explicit consent before collecting data unless it’s in the public’s interest.
• China has Personal Information Protection Law (PIPL) protects personal information and addresses data leakage problems.

Protecting Your PII

Enterprises are legally responsible for keeping your PII safe. However, it’s up to you to ultimately safeguard them. 

Cybercriminals could use your PII to commit fraud or other crimes. Identity theft can be a traumatic experience and can even cost millions. For one thing, 

So you should be more attentive in using your private information online. Here are simple and helpful ways to protect your PII and retain your anonymity:

• Practice identity security to protect your digital assets from unauthorized access.
• Research the website that asks for your information and pay attention to its privacy policy.
• Set your social media accounts to private.
• Delete your browser’s cache once in a while to help protect your privacy.
• If deleting yourself from the internet isn’t an option, ask Google to erase Google search results about you.
• Install a robust antivirus to boost your computer’s defenses and prevent cyberattacks.
• For businesses, use an EDR solution (Endpoint Detection and Response).
• Using your antivirus suite, encrypt your files. 
• Invest in a strong VPN like Nord VPN or Express VPN to hide some of your information online.
• Enable 3FA or MFA on all your online accounts.
• Don’t use the same password on multiple accounts.
• Stay away from quizzes and other dubious games online. They may discreetly collect private data.
• Store your social security card securely at home, not inside your wallet or purse.
• Don’t save your account numbers and passwords in one place.

Wrap Up

PII is more than just any information you can throw around the Internet. It’s a collection of sensitive data that can pinpoint a person’s true identity, their location– their entire life. 

With this, PII is a frequent target for cyber criminals who will use it for identity fraud or sell it to someone who will. 

Your PII may be as simple as a few strings of numbers, but it can cause life-altering experiences if not guarded closely. 

The government may have written several laws to protect it. But in the end, it’s up to you to protect your PII and your privacy.