What is Personally Identifiable Information, and What Does PII Include?

  • By Bree Ann Russ
  • Published: Jul 13, 2022
  • Last Updated: Jul 31, 2024

 

Today, protecting personal information is more important than ever. As we use different online platforms, we are constantly sharing information that can clearly identify us. That is why it's important to know how to protect PII.

What is Pii

What is Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is sensitive data that can identify an individual, including names, addresses, phone numbers, email addresses, social security numbers, passport numbers, driver's license numbers, and other similar information. The consequences of a data breach or leak of personal identifiable information (PII) can be severe, impacting both the individuals affected and the organizations storing their data. Therefore, businesses must take precautions when handling sensitive information about their customers or employees. In the context of computer systems and digital environments, PII covers any information that can identify a person and is crucial for maintaining privacy and security.

PII can be broadly categorized into two types:

  1. Sensitive PII: This includes information that, if disclosed, could cause harm or embarrassment to an individual. Examples include Social Security numbers, financial information, health records, and biometric data.
  2. Non-sensitive PII: This refers to information that is publicly available and less likely to cause harm if disclosed, such as names, addresses, and phone numbers. However, when combined with other data, even non-sensitive PII can become sensitive.

Types of Personally Identifiable Information

What is personal identifiable information(PII) data, then? Many types of PII fall under the category of PII data. The most common PII types are: Sensitive PII and Non-sensitive PII

Sensitive PII

Sensitive PII includes information that, if disclosed, could cause harm or embarrassment to an individual. Examples of sensitive PII encompass a wide range of data points:

  • Social Security numbers
  • Financial information
    • Credit card numbers
    • Bank account details
    • Tax records
  • Health records
    • Medical histories
    • Diagnoses
    • Treatment plans
    • Insurance information
  • Biometric data
    • Fingerprints
    • Facial recognition patterns
    • Retina scans

Non-sensitive PII

Non-sensitive PII refers to information that is publicly available and less likely to cause harm if disclosed. Examples of non-sensitive PII include:

  • Names
  • Addresses
  • Phone numbers

It is important to note that even non-sensitive PII can become sensitive when combined with other data:

  • Name and address linked with:
    • Birth dates
    • Employment information
    • Purchase history

In some situations, the date of birth might qualify as personal information if paired with another identifier, such as a name or address. Other examples include username and password combinations, medical record numbers, school ID numbers, bank account numbers, credit card account information, and biometric data, such as fingerprints or retina scans.

Personally Identifiable Information types

 

The Importance of PII

The importance of PII lies in its potential impact on both individuals and organizations. Here are some key reasons why PII is critical:

  1. Privacy Protection: PII contains private information that individuals may not wish to be publicly accessible. Protecting PII ensures that personal details remain confidential and are only shared with authorized entities.
  2. Identity Theft Prevention: One of the primary reasons for safeguarding PII is to prevent identity theft. When PII falls into the wrong hands, it can be used to impersonate individuals, leading to fraudulent activities such as opening bank accounts, applying for credit, or making unauthorized purchases.
  3. Compliance with Regulations: Various laws and regulations, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States, mandate the protection of PII. Organizations must comply with these regulations to avoid legal consequences and maintain their reputation.
  4. Trust and Reputation: For businesses, protecting customers' PII is crucial for maintaining trust and credibility. Data breaches that compromise PII can lead to significant reputational damage and loss of customer confidence.
  5. Operational Security: Protecting PII is also essential for the overall security of an organization's operations. Unauthorized access to PII can lead to broader security breaches, putting the organization's systems and data at risk.

Data Breaches Involving Personal Identifiable Information (PII)

There are many examples of data breaches compromising PII. In the last few years, we’ve seen massive data breaches from companies such as Yahoo, Equifax, and Verizon.

In 2016, Verizon acquired the assets of Yahoo and discovered that hackers had breached Yahoo's systems in 2013, stealing information associated with over 500 million accounts, including names, email addresses, telephone numbers, dates of birth, hashed passwords, and even unencrypted security questions and answers.

In 2017, credit reporting firm Equifax reported a data breach that affected over 145 million customers. The breach included PII such as names, addresses, SSNs, and even some driver’s license numbers.

In the same year, telecommunications giants Verizon and  AT&T reported breaches that affected over 14 million customers.

What Can Be Done to Protect Your PII?

There are many options businesses have when it comes to Personal Identifiable Information (PII) protection. As a business owner, you want to ensure access points are safe for employees and customers, your networks are secure, and each device allows individual access only.

Implement Strong Access Controls

Access controls are the gatekeepers of data. In other words, they are the systems and processes that determine who has permission to access which data. Access controls typically fall into two categories:

  • Authentication - Authentication is confirming that someone is who they say they are. It often involves checking a person's username and password to ensure that the information is correct. Multi-Factor Authentication is critical to any access control system because it prevents unauthorized users from accessing data.
  • Authorization - Authorization is determining what a person is allowed to do. It often includes determining a person's role and what systems they are allowed to access. An authorization system will prevent someone with a general role from accessing highly-specific data.

Implement Strong Network Controls

Network controls protect a company's IT infrastructure from both external and internal threats. External threats include hackers, spammers, and other cybercriminals attempting to infiltrate the network.

Employees who are either maliciously or inadvertently causing harm to the network are the most common cause of internal threats. Businesses need a firewall configured to allow only authorized traffic to enter the network to protect against external threats. Wireless networks should also be encrypted to prevent eavesdropping and other forms of interception.

Implement Strong Device Controls

There are several ways to protect data on individual devices such as laptops and smartphones. One way is to implement controls that prevent someone from connecting an unauthorized device to the network.

Another way is to encrypt all data on the device so no one can read it without the proper decryption key. Using multi-factor authentication also helps to ensure that the person using the device is the person who should be using it.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Is Upwork Legit and How To Protect Yourself?

Is Upwork Legit and How To Protect Yourself?

Doing business online has become simpler with the development of the Internet and mobile technologies. In general, both freelancers and clients benefit from the freelancing platforms.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close