Personally Identifiable Information (PII)
What Is Personally Identifiable Information (PII)?
Personally identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual.
PII may contain direct identifiers (e.g., visa information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.
Understanding Personally Identifiable Information
Advancing technology platforms have changed the way organizations operate, governments legislate, and individuals relate. With digital tools like cell phones, the Internet, e-commerce, and social media, there has been an explosion in the supply of all kinds of data.
Big data, as it is called, is being collected, analyzed, and processed by organizations and shared with other companies. The wealth of information provided by big data has enabled companies to gain insight into how to better interact with customers.
However, the growth of big data has also increased the number of data breaches and cyberattacks by entities who understand the value of this information. As a result, concerns have been raised over how companies handle the sensitive information of their consumers. Regulatory bodies are seeking new laws to protect the data of consumers, while users are looking for more anonymous ways to stay digital.
Sensitive versus Non-Sensitive Personally Identifiable Information
Sensitive PII
Personally identifiable information (PII) can be sensitive or non-sensitive. Sensitive personal information includes legal statistics such as:
- Full name
- Social Security Number (SSN)
- Driver's license
- Mailing address
- Credit card information
- Visa information
- Financial information
- Medical records
The above list is by no means exhaustive. Companies that share data about their clients typically use anonymization techniques to encrypt and obfuscate the PII, so it is received in a non-personally identifiable form. An insurance company that shares its clients' information with a marketing company will mask the sensitive PII included in the data and leave only the information related to the marketing company's goal.
Non-Sensitive PII
Non-sensitive or indirect PII is easily accessible from public sources like phonebooks, the Internet, and corporate directories. Examples of non-sensitive or indirect PII include:
- ZIP code
- Race
- Gender
- Date of birth
- Place of birth
- Religion
The above list contains quasi-identifiers and examples of non-sensitive information that can be released to the public. This type of information cannot be used alone to determine an individual's identity.
However, non-sensitive information, although not delicate, is linkable. This means that non-sensitive data, when used with other personal linkable information, can reveal the identity of an individual. De-anonymization and re-identification techniques tend to succeed when multiple sets of quasi-identifiers are pieced together and can be used to distinguish one person from another.
Managing and protecting personally identifiable information (PII) will likely be a dominant issue for individuals, corporations, and governments in the years to come.
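The linkability point above, together with the earlier note on masking sensitive PII before sharing, as an added example that is not part of the original article. It measures how many records in a data set about to be shared are still singled out by their quasi-identifiers, and how coarsening those fields changes that. The records, field names, and helper functions are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real people). "name" and "ssn" are sensitive
# PII; the remaining fields are non-sensitive quasi-identifiers from the list above.
RECORDS = [
    {"name": "A. Example", "ssn": "000-00-0001", "zip": "02138", "gender": "F", "dob": "1984-03-12"},
    {"name": "B. Example", "ssn": "000-00-0002", "zip": "02138", "gender": "F", "dob": "1984-07-30"},
    {"name": "C. Example", "ssn": "000-00-0003", "zip": "02139", "gender": "M", "dob": "1984-11-02"},
    {"name": "D. Example", "ssn": "000-00-0004", "zip": "02139", "gender": "M", "dob": "1984-01-19"},
    {"name": "E. Example", "ssn": "000-00-0005", "zip": "02141", "gender": "F", "dob": "1990-05-05"},
    {"name": "F. Example", "ssn": "000-00-0006", "zip": "02142", "gender": "F", "dob": "1990-09-23"},
]
SENSITIVE = {"name", "ssn"}
QUASI = ("zip", "gender", "dob")

def strip_sensitive(records):
    """Drop sensitive fields, as a company would before sharing the data."""
    return [{k: v for k, v in r.items() if k not in SENSITIVE} for r in records]

def generalize(record):
    """Coarsen quasi-identifiers: keep a 3-digit ZIP prefix and the birth year only."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["dob"] = record["dob"][:4]
    return out

def _groups(records, keys):
    """Count how many records share each combination of the given fields."""
    return Counter(tuple(r[k] for k in keys) for r in records)

def k_anonymity(records, keys=QUASI):
    """Smallest group sharing one quasi-identifier combination.
    k == 1 means at least one record is unique and therefore linkable."""
    return min(_groups(records, keys).values())

def unique_fraction(records, keys=QUASI):
    """Share of records singled out by their quasi-identifier combination."""
    groups = _groups(records, keys)
    singled_out = sum(1 for r in records if groups[tuple(r[k] for k in keys)] == 1)
    return singled_out / len(records)

shared = strip_sensitive(RECORDS)           # names and SSNs removed
coarse = [generalize(r) for r in shared]    # quasi-identifiers coarsened as well

if __name__ == "__main__":
    print("k on gender alone:           ", k_anonymity(shared, ("gender",)))
    print("k on zip + gender + dob:     ", k_anonymity(shared))
    print("fraction of unique records:  ", unique_fraction(shared))
    print("k after generalizing fields: ", k_anonymity(coarse))
```

Removing names and SSNs alone leaves every constructed record unique on ZIP code, gender, and date of birth; only after the fields are coarsened does each combination cover more than one person.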
Protecting Personally Identifiable Information (PII)
Multiple data protection laws have been adopted by different nations to create guidelines for companies that gather, store, and share the personal information of clients. Some of the basic principles outlined by these laws state that some sensitive information should not be collected except in extreme circumstances.
Likewise, regulatory guidelines stipulate that data should be deleted if it is no longer needed for its stated purpose, and personal information should not be shared with sources that cannot guarantee its protection.
Cybercriminals breach data systems to access PII, which is then sold to willing buyers in underground digital marketplaces. For instance, in 2015, the IRS experienced a data breach leading to the theft of more than a hundred thousand citizens' PII.
Using quasi-identifier information taken from multiple sources, the perpetrators were able to access an IRS website application by answering personal verification questions that should have been known only to the citizens.
Protecting PII may not always be the sole responsibility of a service provider. In some cases, it may be shared with the individual.
Personally Identifiable Information Around the World
The definition of what constitutes PII varies depending on where you reside in the world. In the United States, the government defined "personally identifiable" in 2020 as whatever can "be utilized to recognize or trace an individual's identity," such as name, SSN, and biometric information, either alone or with other identifiers like date of birth or place of birth.
In the European Union (EU), the definition expands to include quasi-identifiers, as outlined in the General Data Protection Regulation (GDPR) that came into effect in May 2018. The GDPR is a legal framework that sets rules for collecting and processing personal information for those residing in the EU.
Personally Identifiable Information versus Personal Data
Personal data covers a broader range of contexts than PII; for example, your IP address, device ID numbers, browser cookies, online pseudonyms, or genetic data. Certain characteristics like religion, nationality, sexual orientation, or medical history might be classified as personal data yet not personally identifiable information.
Example of Personally Identifiable Information
In early 2018, Facebook Inc. (META), now Meta, was embroiled in a major data breach. The profiles of 30 million Facebook users were collected without their consent by an outside company called Cambridge Analytica. Cambridge Analytica obtained its data from Facebook through a researcher who worked at the University of Cambridge. The researcher built a Facebook app that was a personality test. An app is a software application used on mobile devices and websites.
The app was designed to take the information from the individuals who chose to give access to their data for the test. Unfortunately, the app collected not only the test takers' data but, due to a loophole in Facebook's system, was also able to collect data from the friends and family members of the test takers.
As a result, more than 50 million Facebook users had their data exposed to Cambridge Analytica without their consent. Although Facebook prohibited the sale of their data, Cambridge Analytica turned around and sold the data to be used for political consulting. Mark Zuckerberg, Facebook founder and CEO, released a statement within the company's Q1-2019 earnings release:
We are centered around building out our privacy-centered vision for the eventual fate of social networking and working cooperatively to address important issues around the Internet.
The data breach affected not only Facebook users but investors as well. Facebook's profits decreased by half in Q1-2019 versus the same period a year earlier. The company accrued $3 billion in legal expenses and would have had earnings per share $1.04 higher without the expenses, stating:
We estimate that the scope of loss in this matter is $3.0 billion to $5.0 billion. The matter remains unsettled, and there can be no assurance with respect to the timing or the terms of any ultimate result.
The next day, on April 25, 2019, Meta announced it was banning personality tests from its platform.
Companies will undoubtedly invest in ways of harvesting data, such as personally identifiable information (PII), to offer products to consumers and maximize profits. Nevertheless, they will be met with more stringent regulations in the years to come.
Features
- Non-sensitive personally identifiable information is easily accessible from public sources and can include your ZIP code, race, gender, and date of birth.
- Social media sites might be considered non-sensitive personally identifiable information.
- Travel documents contain personally identifiable information.
- Sensitive personally identifiable information can include your full name, Social Security Number, driver's license, financial information, and medical records.
- Personally identifiable information (PII) uses data to confirm an individual's identity.
FAQ
What Is Not PII?
Personal data is not classified as PII, nor is non-personal data such as your employer, shared data, or anonymized data.
What Qualifies as PII?
Personally identifiable information is defined by the U.S. government as: "Information which can be utilized to recognize or trace an individual's identity, for example, their name, social security number, biometric records, and so on alone, or when combined with other personal or identifying information which is connected or linkable to a specific individual, like date and place of birth, mother's maiden name, and so on."
What Laws Protect PII?
Various federal and state consumer protection laws safeguard PII and penalize its unauthorized use; for example, the Federal Trade Commission Act and the Privacy Act of 1974.
What Must You Do When Emailing PII?
Since email is not always secure, try to avoid emailing PII. If you must, use encryption or secure verification techniques.
What Is a PII Violation?
PII violations are illegal, and often involve frauds such as identity theft. Violations may also stem from unauthorized access, use, or disclosure of PII. Failure to report a PII breach can also be a violation.