What Is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) is an important concept in privacy laws and online security.
Put simply, PII is any information that can be used to identify an individual. PII can be one piece of information that identifies a person, or it could be information that must be combined with other relevant data to successfully identify someone.
PII can be divided into two categories: sensitive PII and non-sensitive PII.
What is Sensitive PII?
Sensitive Personally Identifiable Information is information that legally identifies a person, including their:
- Full, legal name
- Social Security number
- Driver’s license number
- Medical records
- Financial records
- Mailing address
- Credit card number(s)
- Passport number
There are plenty of other unique details that could be considered sensitive PII, but these are the most common kinds – and some of the biggest sources of concern for privacy advocates and online security experts.
What is Non-Sensitive PII?
Non-Sensitive Personally Identifiable Information (also called Indirect PII) is information that can be accessed by the general public thanks to sources like websites, corporate directories, phonebooks, and more.
Basically, if it is considered public knowledge, then it is non-sensitive PII.
This includes things like your:
- Date of birth
- Zip code
- Business phone number
These are “quasi-identifiers,” because they may be accurate personal information about an individual, but they cannot be used on their own to determine an individual’s identity.
When these quasi-identifiers are linked together or to a piece of sensitive information, it may be possible to determine an individual’s unique identity.
How Companies Use Anonymization to Protect Consumer Data
Anonymization is a series of techniques that can encrypt and obscure Personally Identifiable Information. That way, when an individual or organization needs to digitally transfer sensitive information from one place to another, they can do so without making it vulnerable to misuse.
Data anonymization is used by governments, healthcare providers, businesses, and organizations to preserve the integrity of sensitive PII.
Sometimes, anonymization is legally mandated by state and federal governments. Industries like healthcare, education, and financial services must meet regulatory standards to protect their patients, clients, and more.
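The following added example (not from the original article) shows why linked quasi-identifiers matter and what anonymization changes: it measures how many records share each date-of-birth and ZIP code combination before and after the data is anonymized. The records, the key, the k-anonymity measure, the keyed hash (HMAC-SHA256) and the generalization rules are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real people): name, date of birth, ZIP code, diagnosis.
RECORDS = [
    ("Ana Ruiz",  "1984-03-12", "30301", "asthma"),
    ("Ben Cho",   "1984-07-30", "30305", "diabetes"),
    ("Cara Diaz", "1984-11-02", "30309", "asthma"),
    ("Dev Patel", "1991-01-19", "30312", "migraine"),
    ("Eli Stone", "1991-05-08", "30318", "asthma"),
    ("Fay Wong",  "1991-09-27", "30314", "diabetes"),
]
DEMO_KEY = b"constructed-demo-key"  # assumption: in practice a secret stored apart from the data


def quasi_ids(row):
    """The quasi-identifier fields the article lists: date of birth and ZIP code."""
    return (row[1], row[2])


def k_anonymity(rows):
    """Size of the smallest group of rows sharing the same quasi-identifiers.
    k == 1 means at least one person is unique on those fields alone."""
    groups = Counter(quasi_ids(r) for r in rows)
    return min(groups.values())


def pseudonymize(name, key=DEMO_KEY):
    """Replace the direct identifier with a keyed hash, truncated for readability."""
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


def anonymize(rows, key=DEMO_KEY):
    """Pseudonymize the name, reduce the birth date to a year, keep 3 ZIP digits."""
    return [(pseudonymize(n, key), dob[:4], zip_code[:3] + "**", dx)
            for n, dob, zip_code, dx in rows]


if __name__ == "__main__":
    print("k before anonymization:", k_anonymity(RECORDS))
    print("k after anonymization: ", k_anonymity(anonymize(RECORDS)))
```

A result of 1 means someone in the data set can be singled out by date of birth and ZIP code alone, even with the name removed; a higher value means each person is hidden among at least that many others.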
How Cyber Criminals Steal PII
There are low-tech and high-tech methods of stealing Personally Identifiable Information.
A low-tech strategy is for a criminal to go through a victim’s mail in order to recover personal information like their name, address, banking information, Social Security number, and more.
Today, most attacks are more sophisticated, and they are dependent upon data vulnerabilities online.
There are a number of methods available for cyber criminals to steal PII, including:
- Phishing attacks
- Social engineering
- Email spoofing
- Brute force attacks
- Data breaches
- Man-in-the-middle attacks
- Program hacking
How to Protect Your Personally Identifiable Information
It is important to be upfront about this: you are unlikely to be able to scrub all of your PII from the internet.
That said, you can reduce the amount of personal information about yourself online by taking a few security measures. Additionally, you can make yourself a less desirable target of hackers and other cyber criminals by paying attention to how your PII is used.
Use strong passwords
One of the best ways to protect your PII is to prevent people from accessing the information stored within your accounts. Using strong password protocols will help in this regard.
If you use the same password for multiple websites – especially websites that contain your personal information, such as ecommerce, banking, and employment sites – then a hacker only needs to figure out one email/password combination to access all of your other accounts.
Check out our advice for how to create strong passwords.
Learn to encrypt important, sensitive data
Encryption is the process of scrambling data so that it appears to be gibberish while it traverses the Internet. If the receiver doesn’t have the correct encryption key to unscramble it, they are out of luck! The goal of encryption is to make data confidential.
Check out our guide to encrypting data.
Make sure that your devices are password-protected
As recently as 2018, the majority of smartphone users were not password-protecting their phones. As facial recognition, fingerprint identification, and password protection have become more commonplace, more and more people are securing their device with some sort of locking mechanism.
This is great news! If, however, you are among the minority of people who do not lock their devices, it’s time to adjust your behavior and start locking your phone! It is much harder to steal information from a lost or stolen phone when the thief cannot access anything on the device.
When selling, donating, or recycling a device, reformat the hard drive first
When you’re ready to get rid of an old device, you have options. You may be able to sell it or trade it in for a newer product. You may choose to donate it, or you may want to recycle it.
Whatever you choose to do, be sure to completely reformat the hard drive or reset the device to its factory settings before you get rid of it. That way, once it’s out of your hands, you don’t have to worry about who might acquire it next.
Throwing it away doesn’t protect you from this problem. In fact, there are some individuals who are more than happy to look through the trash for old devices, which they can use to access user information.
Delete inactive accounts
Lifehacker has provided a useful guide for finding and deleting old accounts that you’re not using anymore.
These outdated accounts are a security risk to your Personally Identifiable Information. We recommend going through your accounts at least every 6 months to check for platforms and apps you are no longer using.
Request to have your information removed from data collection sites
Data brokerage sites collect PII and publish it online. Often, this is non-sensitive data, but it can include personal, sensitive PII as well.
You can use data removal services like Privacyrights.org or DataSeal.com to have your private information removed from data collection sites. DataSeal offers a paid automated removal service, and both companies offer free opt-out guides. Incogni and DeleteMe also offer automated opting-out services.
McAfee’s overview of how to remove yourself from these data brokerage sites is also helpful!
Protect Your Personally Identifiable Information
The more you know about Personally Identifiable Information (PII), the more effectively you will be able to protect this data from becoming more public than you want it to be!