What is PII, and What Does PII Include?

  • By Bree Ann Russ
  • Jul 13, 2022

What is Pii

Personally Identifiable Information (PII) is sensitive data that can identify an individual. Examples of PII include an individual's name, address, phone number, email address, social security number, passport number, driver's license number, and other similar PII information. The consequences of a data breach or leak of PII can be severe in terms of adverse effects on the affected individuals and the organizations that store their data. For this reason, businesses must take precautions when handling sensitive information about their customers or employees.

PII Meaning

So, what is PII exactly? The acronym PII stands for Personally Identifiable Information. In other words, any information that could identify an individual. Note that this is not only a person's name; it could also include their address, telephone number, or even their IP address (although some do not consider these as sensitive as a name).

PII is used in the context of computer systems to identify people in a digital environment. PII also covers the context of privacy and includes any information that can identify a person.

What Does Personally Identifiable Information Include?

Personally Identifiable Information

What is PII data, then? Many types of PII fall under the category of PII data. The most common PII types are:

  • Name - Including the first name and last name of an individual.
  • Address - Including the home address, mailing address, or other address where a person can be found.
  • Telephone numbers - Including a home phone, cell phone, office number, or other phone numbers associated with the person.
  • Email addresses - Including the email address the person uses regularly.
  • Social security number - This is a nine-digit number used to identify an individual for their work history.
  • Passport number - This is a nine-digit number used to identify a person for international travel.
  • Driver’s license number - This number identifies a person's ability to operate a vehicle.

In some situations, the date of birth might qualify as personal information if paired with another identifier, such as a name or address. Other examples include username and password combinations, medical record numbers, school ID numbers, bank account numbers, credit card account information, and biometric data, such as fingerprints or retina scans.

Data Breaches Involving PII

There are many examples of data breaches compromising PII. In the last few years, we’ve seen massive data breaches from companies such as Yahoo, Equifax, and Verizon.

In 2016, Verizon acquired the assets of Yahoo and discovered that hackers had breached Yahoo's systems in 2013, stealing information associated with over 500 million accounts, including names, email addresses, telephone numbers, dates of birth, hashed passwords, and even unencrypted security questions and answers.

In 2017, credit reporting firm Equifax reported a data breach that affected over 145 million customers. The breach included PII such as names, addresses, SSNs, and even some driver’s license numbers.

In the same year, telecommunications giants Verizon and AT&T reported breaches that affected over 14 million customers.

The Importance of Protecting PII

The importance of protecting Personally Identifiable Information is undeniable. In the event of a data breach, the PII can lead to identity theft or fraud. It could also allow thieves to gain physical access to a person's home or workplace.

With the right PII, criminals can open new credit accounts in someone else’s name or access money in those individuals’ bank accounts.

If a business is found to be negligent in terms of protecting PII, it can incur significant fines. In addition to fines, a company that suffers a data breach can suffer from negative publicity. 

Customers and clients may lose trust in the company and choose to do business with another firm. Employees may also become less likely to stay with the company and be more likely to leave to work for a competitor.

What Can Be Done to Protect Your PII?

There are many options businesses have when it comes to PII protection. As a business owner, you want to ensure access points are safe for employees and customers, your networks are secure, and each device allows individual access only.

Implement Strong Access Controls

Access controls are the gatekeepers of data. In other words, they are the systems and processes that determine who has permission to access which data. Access controls typically fall into two categories:

  • Authentication - Authentication is confirming that someone is who they say they are. It often involves checking a person's username and password to ensure that the information is correct. Multi-Factor Authentication is critical to any access control system because it prevents unauthorized users from accessing data.
  • Authorization - Authorization is determining what a person is allowed to do. It often includes determining a person's role and what systems they are allowed to access. An authorization system will prevent someone with a general role from accessing highly-specific data.

Implement Strong Network Controls

Network controls protect a company's IT infrastructure from both external and internal threats. External threats include hackers, spammers, and other cybercriminals attempting to infiltrate the network.

Employees who are either maliciously or inadvertently causing harm to the network are the most common cause of internal threats. Businesses need a firewall configured to allow only authorized traffic to enter the network to protect against external threats. Wireless networks should also be encrypted to prevent eavesdropping and other forms of interception.

Implement Strong Device Controls

There are several ways to protect data on individual devices such as laptops and smartphones. One way is to implement controls that prevent someone from connecting an unauthorized device to the network.

Another way is to encrypt all data on the device so no one can read it without the proper decryption key. Using multi-factor authentication also helps to ensure that the person using the device is the person who should be using it.

Become Proactive About Protecting PII

Once you understand the PII meaning, it is easy to see just how far someone could go with little bits of information about you. The goal is always to protect yourself, including any data that is unique to you. Businesses and consumers alike need to step up how they keep data safe. One of the most effective methods of keeping your PII safe is with identity protection services. That way, if any of your PII information gets out, you know and can take steps to keep it safe.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private ig account. You might want to block ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Pubic to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

How to Prevent Data Loss from a Phone Scam

How to Prevent Data Loss from a Phone Scam

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

UNM Health Data Breach

UNM Health Data Breach

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.