Identity theft is one of the most rampant cyber crimes in the world. Identity theft statistics show that 889 million data breaches occurred in 2021, affecting over 150 million people.
Data gets stolen mainly because of the careless use of PII or Personally Identifiable Information.
Your PII needs protecting. In this article, learn the definition and examples of PII and how to boost your information security to guard yourself against cyberattacks.
Key Takeaways:
- PII, or Personally Identifiable Information, encompasses details that directly or indirectly establish an individual’s identity, such as full name, phone number, and social security number.
- Sensitive PII, like social security numbers, credit card information, and medical records, requires encryption for protection, while non-sensitive PII, such as gender and workplace details, can lead to identity exposure.
- Legal regulations, including the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR), exist to safeguard PII, with various countries worldwide having privacy laws to address the collection, use, and sharing of private information.
What is PII?
Personally Identifiable Information (PII) is any information that determines an individual’s identity directly or indirectly.
PII includes a person’s full name, phone number, or social security number. These pieces of information are also considered Direct Identifiers because they identify a person without any supplementary information.
On the other hand, ethnicity, age, and race are called Indirect Identifiers because they can only be linked to a person with the help of more identifiers.
Uses of PII
PII is used to identify and locate users. It also helps enterprises classify which data should be stored, processed, or managed for their own gain. Since it uniquely distinguishes consumers from one another, businesses employ it to develop or improve services, products, and ads.
PII collection has grown over the past decades. Although storing personal information has helped enterprises, it has also invited cybercrimes.
PII attracts many cyberattacks. Hackers are known to cause data breaches and steal PII. They tend to hold it hostage with ransomware or sell the stolen PII on the dark web.
The latest statistics revealed that 15 million Americans had their IDs stolen in 2021 alone. Moreover, 75% of companies have admitted to dealing with data breaches, causing significant disruptions to their businesses.
Sensitive PII vs. Non-sensitive PII
Experts divide PII into two groups: Sensitive and Non-sensitive. Identity thieves usually steal Sensitive PII because it gives them access to a person’s properties and finances.
Sensitive PII has to be transmitted and stored with encryption, something that Non-Sensitive PII can go without.
Sensitive PII
Sensitive PII is information that could cause significant harm to a person if it’s lost, stolen, compromised, or disclosed without authorization.
Examples of Sensitive PII are:
- Full name
- Mother’s maiden name
- Biometrics like DNA or fingerprints
- Email address
- Personal or home phone number
- Social security number (SSN)
- Passport code or number
- Driver’s license
- Credit card information
- Debit card information
- Other financial or bank information
- Medical records
- Criminal records
Did you know? In January 2023, a famous American restaurant, Five Guys, admitted to a large data breach back in September 2022. COO Sam Chamberlain addressed the cybercrime in an open letter, only admitting it months after the attack. Hackers stole sensitive PII from employees and customers, such as names, social security numbers, and driver’s license numbers.
Non-sensitive PII
Indirect or Non-sensitive PII can be accessed from public sources like the Internet, phonebooks, and corporate directories.
Non-sensitive PII is still linkable information that can reveal a person’s true identity. If combined with the other PII type, Non-sensitive PII becomes sensitive.
Indirect PII can be:
- Work phone number
- Work email address
- Workplace
- Gender
- Zip code
- Date of birth
- Place of birth
- Religion
- Race
Pro Tip: If you’re looking for someone, you can access some of their PII through People Finders. You can also use reverse lookup services to determine that person’s current location.
Examples of PII
The internet stores a lot of identifiable information about you. Below is an extensive list of identifiers to help you familiarize yourself with and safeguard your PII:
- Name:
  - Full name
  - Maiden name
  - Mother’s maiden name
  - Alias
- Birth information:
  - Date of birth
  - Place of birth
- Geographical indicators:
  - Mailing or street address
  - Zip code
- Contact information:
  - Personal phone numbers
  - Personal email addresses
- Personal characteristics:
  - Gender
  - Religion
  - Race
  - Handwriting
  - Photographic IDs or images of your face
- Biometrics:
  - Fingerprint
  - Facial geometry
  - Retina scan
  - Voice signature
- Government identification numbers:
  - Social Security Number (SSN)
  - Passport number
  - Taxpayer identification number
  - Driver’s license number
  - Other government-issued ID numbers
- Financial information:
  - Bank account numbers
  - Credit card numbers
  - Debit card numbers
- Information that identifies properties owned:
  - VINs
  - Title numbers
- Asset information:
  - Internet Protocol (IP) address
  - Media Access Control (MAC) address
- Occupational or employment information:
  - Professional license number
  - Place of work
  - Employee ID number
  - Workplace address
  - Business or workplace phone number
  - Business or workplace email address
- Medical records and patient identification numbers
- Educational records
- Criminal records
In a Nutshell: There’s a long list of identifiable information about you. These nuggets of information can range from your name to your biometrics to your medical records. Knowing which PII can truly compromise you is the first step to keeping yourself safe online.
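The handling rule from the sections above (Sensitive PII is stored encrypted, and Non-sensitive PII becomes sensitive once it is combined with it) can be enforced in code before a record is saved or logged. The Python below is an added example, not part of the original article; the field-name spellings, the `luhn_ok`, `redact` and `fields_to_encrypt` helpers, and the sample records are assumptions made for illustration.

```python
import re

# Field names mirror the article's two lists; the key spellings are this example's own.
SENSITIVE = {"full_name", "mothers_maiden_name", "email", "home_phone", "ssn",
             "passport_number", "drivers_license", "card_number", "medical_record"}
NON_SENSITIVE = {"work_phone", "work_email", "workplace", "gender", "zip_code",
                 "date_of_birth", "place_of_birth", "religion", "race"}

SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed([c for c in number if c.isdigit()])):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> str:
    """Mask SSNs and Luhn-valid card numbers in free text such as a log line."""
    text = SSN_RE.sub("[SSN]", text)
    return CARD_RE.sub(lambda m: "[CARD]" if luhn_ok(m.group()) else m.group(), text)


def fields_to_encrypt(record: dict) -> set:
    """Sensitive fields always need encryption; non-sensitive fields need it too
    once they are stored beside a sensitive one (the article's combination rule)."""
    present = {k for k, v in record.items() if v}
    sensitive = present & SENSITIVE
    # Unlisted free-text fields count as sensitive if they embed an SSN or card number.
    sensitive |= {k for k in present - SENSITIVE - NON_SENSITIVE
                  if redact(str(record[k])) != str(record[k])}
    linked = present & NON_SENSITIVE if sensitive else set()
    return sensitive | linked


# Constructed sample records (not real data).
DIRECTORY_ENTRY = {"workplace": "Example Corp", "work_email": "j.doe@example.com"}
CUSTOMER = {"zip_code": "90210", "gender": "F", "ssn": "123-45-6789",
            "notes": "paid with 4111 1111 1111 1111"}

if __name__ == "__main__":
    print(sorted(fields_to_encrypt(DIRECTORY_ENTRY)))
    print(sorted(fields_to_encrypt(CUSTOMER)))
```

The directory entry needs no encryption on its own, while every field of the customer record does, including the zip code and gender that sit beside the SSN.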
Laws Surrounding PII
There are several ways to protect your digital footprint. However, one of the best is to familiarize yourself with the regulations that prevent nefarious people and organizations from stealing and misusing your PII.
Several laws in the world mention PII, including the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Not complying with these PII laws can lead to fines and litigation.
1. Federal Privacy Regulations in the US
Instead of having just one unified PII law, the US has a few federal laws that state how to handle an individual’s data.
The country also has a governing body that prosecutes illegal PII collection and use.
- The Privacy Act of 1974 protects people against the invasion of privacy by federal agencies and institutions that work with them.
- The California Consumer Privacy Act (CCPA) explains a person’s right to know the information that a business collects from them and how it’s used and shared.
- The Health Insurance Portability and Accountability Act (HIPAA) dictates how healthcare organizations should gather and protect patient PII and other medical records.
- The Children’s Online Privacy Protection Act (COPPA) governs how companies gather and save information from children aged 13 and younger.
- The Gramm-Leach-Bliley Act (GLBA) compels institutions that sell financial products or services like insurance, financial or investment advice, or loans to explain their information-gathering and sharing practices to clients.
- The Fair Credit Reporting Act (FCRA) watches over consumers’ credit information and access to credit reports.
- The Federal Trade Commission Act (FTCA) provides investigative, law enforcement, and rulemaking authority over companies that use PII in deceptive schemes.
2. International Privacy Regulations
About 71% of all countries have legislation to protect their citizens’ privacy. These laws focus on the collection, use, and sharing of private information without notice to or consent from consumers.
- In Europe, the EU’s General Data Protection Regulation (GDPR) guides and regulates how companies worldwide handle customer personal information.
- Australia has the 1988 Privacy Act to protect citizens from the invasion of privacy by companies and government agencies.
- The Indian Digital Personal Data Protection Bill of 2022 proposed revising the 2018 version. It would require bodies to get explicit consent before collecting data unless it’s in the public’s interest.
- China’s Personal Information Protection Law (PIPL) protects personal information and addresses data leakage problems.
Protecting Your PII
Enterprises are legally responsible for keeping your PII safe. However, it’s ultimately up to you to safeguard it.
Cybercriminals could use your PII to commit fraud or other crimes. Identity theft can be a traumatic experience and can even cost millions. For one thing,
So you should be more attentive in using your private information online. Here are simple and helpful ways to protect your PII and retain your anonymity:
- Practice identity security to protect your digital assets from unauthorized access.
- Research the website that asks for your information and pay attention to its privacy policy.
- Set your social media accounts to private.
- Delete your browser’s cache once in a while to help protect your privacy.
- If deleting yourself from the internet isn’t an option, ask Google to erase Google search results about you.
- Install a robust antivirus to boost your computer’s defenses and prevent cyberattacks.
- For businesses, use an EDR solution (Endpoint Detection and Response).
- Using your antivirus suite, encrypt your files.
- Invest in a strong VPN like NordVPN or ExpressVPN to hide some of your information online.
- Enable 3FA or MFA on all your online accounts.
- Don’t use the same password on multiple accounts.
- Stay away from quizzes and other dubious games online. They may discreetly collect private data.
- Store your social security card securely at home, not inside your wallet or purse.
- Don’t save your account numbers and passwords in one place.
Wrap Up
PII is more than just any information you can throw around the Internet. It’s a collection of sensitive data that can pinpoint a person’s true identity, their location, and their entire life.
With this, PII is a frequent target for cyber criminals who will use it for identity fraud or sell it to someone who will.
Your PII may be as simple as a few strings of numbers, but it can cause life-altering experiences if not guarded closely.
The government may have written several laws to protect it. But in the end, it’s up to you to protect your PII and your privacy.
FAQs
What are examples of personally identifiable information that should be protected?
Sensitive PII should be protected at all times. Examples are your full name, mother’s maiden name, Social Security Number (SSN), Passport information, fingerprints, personal phone number, and financial or bank information.
What is the difference between personal information and personally identifiable information?
Personal information is broader than PII. A person’s device ID numbers and browser history are part of their personal information. However, only their full name, phone number, and email address are considered PII because they can be used to identify them accurately.
Is a birthday considered PII?
A birthday is personally identifiable information. Specifically, it’s Sensitive PII that may be able to cause harm to a person if it’s lost or disclosed.
With a master's degree in telecommunications and over 15 years of working experience in telecommunications, networking, and online security, he deeply understands cybersecurity's value and importance. Max leverages his vast experience and knowledge to research the latest cyber threats, scams, malware, and viruses in-depth.