Skip to content

What Is Personally Identifiable Information (PII)?

A woman paying online using her credit card

Personally Identifiable Information (PII) is an important concept in privacy laws and online security. 

Put simply, PII is any information that can be used to identify an individual. PII can be one piece of information that identifies a person, or it could be information that must be combined with other relevant data to successfully identify someone. 

PII can be divided into two categories: sensitive PII and non-sensitive PII.

What is Sensitive PII? 

Sensitive Personally Identifiable Information is legally identifiable information including a person’s:

  • Full, legal name
  • Social Security number
  • Driver’s license number
  • Medical records
  • Financial records
  • Mailing address
  • Credit card number(s)
  • Passport number

There are plenty of other unique details that could be considered sensitive PII, but these are the most common kinds – and some of the biggest sources of concern for privacy advocates and online security experts. 

What is Non-Sensitive PII?

Non-Sensitive Personally Identifiable Information (also called Indirect PII) is information that can be accessed by the general public thanks to sources like websites, corporate directories, phonebooks, and more. 

Basically, if it is considered public knowledge, then it is non-sensitive PII. 

This includes things like your:

  • Date of birth
  • Zip code
  • Race
  • Religion
  • Gender
  • Business phone number

These are “quasi-identifiers,” because they may be accurate personal information about an individual, but they cannot be used on their own to determine an individual’s identity. 

When these quasi-identifiers are linked together or to a piece of sensitive information, it may be possible to determine an individual’s unique identity.

A woman browsing clothes online on a mobile phone

How Companies Use Anonymization to Protect Consumer Data

Anonymization is a series of techniques that can encrypt and obscure Personally Identifiable Information. That way, when an individual or organization needs to digitally transfer sensitive information from one place to another, they can do so without making it vulnerable to misuse. 

Data anonymization is used by governments, healthcare providers, businesses, and organizations to preserve the integrity of sensitive PII. 

Sometimes, anonymization is legally mandated by state and federal governments. Industries like healthcare, education, and financial services must meet regulatory standards to protect their patients, clients, and more.

How Cyber Criminals Steal PII

There are low-tech and high-tech methods of stealing Personally Identifiable Information. 

A low-tech strategy is for a criminal to go through a victim’s mail in order to recover personal information like their name, address, banking information, social security numbers, and more. 

Today, most attacks are more sophisticated, and they are dependent upon data vulnerabilities online. 


There are a number of methods available for cyber criminals to steal PII, including: 

A monitor displaying a password input

How to Protect Your Personally Identifiable Information

It is important to be upfront about this: you are unlikely to be able to scrub all of your PII from the internet. 

That said, you can reduce the amount of personal information about yourself online by taking a few security measures. Additionally, you can make yourself a less desirable target of hackers and other cyber criminals by paying attention to how your PII is used. 

Use strong passwords

One of the best ways to protect your PII is to prevent people from accessing the information stored within your accounts. Using strong password protocols will help in this regard. 

If you use the same password for multiple websites – especially websites that contain your personal information, such as ecommerce, banking, and employment sites – then a hacker only needs to figure out one email/password combination to access all of your other accounts.

Check out our advice for how to create strong passwords. 

Learn to encrypt important, sensitive data

Encryption is the process of scrambling data so that it appears to be gibberish while it traverses the Internet. If the receiver doesn’t have the correct encryption key to unscramble it, they are out of luck! The goal of encryption is to make data confidential. 

Check out our guide to encrypting data. 

Make sure that your devices are password-protected

As recently as 2018, the majority of smartphone users were not password-protecting their phones. As facial recognition, fingerprint identification, and password protection have become more commonplace, more and more people are securing their device with some sort of locking mechanism. 

This is great news! If, however, you are among the minority of people who do not lock their devices, it’s time to adjust your behavior and start locking your phone! It is much harder to steal information from a lost or stolen phone when the thief cannot access anything on the device. 

When selling, donating, or recycling a device, reformat the hard drive first.

When you’re ready to get rid of an old device, you have options. You may be able to sell it or trade it in for a newer product. You may choose to donate it, or you may want to recycle it. 

Whatever you choose to do, be sure to completely reformat the hard drive or reset the device to its factory settings before you get rid of it. That way, once it’s out of your hands, you don’t have to worry about who might acquire it next.

Throwing it away doesn’t protect you from this problem. In fact, there are some individuals who are more than happy to look through the trash for old devices, which they can use to access user information. 

Delete inactive accounts

LifeHacker has provided a useful guide for finding and deleting old accounts that you’re not using anymore. 

These outdated accounts are a security risk to your Personally Identifiable Information. We recommend going through your accounts at least every 6 months to check for platforms and apps you are no longer using. 

Request to have your information removed from data collection sites.

Data brokerage sites collect PII and publish it online. Often, this is non-sensitive data, but it can include personal, sensitive PII as well. 

You can use data removal services like Privacyrights.org or DataSeal.com to have your private information removed from data collection sites. DataSeal offers a paid automated removal service, and both companies offer free opt-out guides. Incogni and DeleteMe also offer automated opting-out services.

McAfee’s overview of how to remove yourself from these data brokerage sites is also helpful! 

Protect Your Personally Identifiable Information

The more you know about Personally Identifiable Information (PII), the more effectively you will be able to protect this data from becoming more public than you want it to be!

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
Child Sex Trafficking

The Human Trafficking Problem. The FBI Is On the Case.

It’s not Hollywood hype. There are real agencies and real people saving kids. In the Summer of…

[Read More]
Circa Casino Phishing Scam

Las Vegas Casino Scam Nets $1.2 million with a Phishing Call

In the Summer of 2023, the Circa Hotel in Downtown Las Vegas was swindled out of $1.2...

[Read More]
Kathy Waters and Bryan Denny talk about dating and romance scams and the new World Romance Scam Prevention Day on October 3rd.

World Romance Scam Prevention Day Promotes Dating and Romance Scam Awareness

Dating and romance scams are more common – and more insidious – than most people realize. Networks…

[Read More]
Giles Mason talks about stopping scams and how to protect yourself.

Get Better at Stopping Scams with This Scam Protection Framework

Most of us want to be polite and help others where we can. But scammers can take…

[Read More]
This smartphone safety feature could save your life in a medical emergency.

Your Phone Could Save Your Life: The Smartphone Safety Feature You Need to Know

It’s a nightmare scenario: You’re away from home and have an accident or a medical emergency. We…

[Read More]
Marta Tellado talks about the state of online consumer protection.

The Importance (and Challenge) of Online Consumer Protection

You’ve probably heard the phrase “buyer beware.” It refers to situations where it’s the buyer’s responsibility to…

[Read More]