Personally Identifiable Information

What Is Personally Identifiable Information?

Personally Identifiable Information (PII) is any information that can, either by itself or when linked with other associated data, identify an individual. PII includes a range of information types that could directly or indirectly identify a person. 

Examples of PII include the following:

  • Direct identifiers such as name, passport numbers, social security numbers, and driver’s license numbers.
  • Contact details like email, phone number, and address.
  • Biometric data, such as DNA, fingerprints, and facial recognition data.
  • Demographic information, including gender, date of birth, and race, which may identify an individual when combined with other data.
  • Internet identifiers, like IP addresses, cookies, and other data collected through internet activities.

The definition of PII can vary slightly depending on legal contexts and the specific regulations in different jurisdictions. 

Third-party definition 

Information from which the identity of an individual can be inferred. – Progress 

Sensitive vs Non-Sensitive PII

Personally identifiable information can be either sensitive or non-sensitive.

Sensitive PII is information that, when disclosed, could harm an individual. As a result, it must be protected with higher security measures.

Examples of sensitive PII include credit card numbers, bank account information, health records, and biometric data. 

Non-sensitive PII is information that is less impactful on its own and can encompass data that may be available from public sources. 

Examples of non-sensitive PII include names when not linked with other identifiers, job titles, and general demographic information that is broad and not unique.

The key difference lies in the potential impact of data exposure. Sensitive PII requires stricter handling and protection measures because its exposure poses a greater risk of significant or direct harm to individuals. Non-sensitive PII, while still needing to be handled carefully to protect privacy, poses less risk when exposed.

How Criminals Can Misuse Your PII

Criminals and bad actors can misuse personally identifiable information in various harmful ways. 

Here are some of the primary methods by which PII is misused:

  • Identity theft. One of the most common forms of PII misuse involves criminals using stolen personal data (such as Social Security numbers, birth dates, or bank account information) to impersonate individuals and open new credit accounts, apply for loans, or make purchases. 
  • Financial fraud. This might include accessing someone’s existing bank accounts, making unauthorized transactions, or claiming government benefits like tax returns or social security benefits in another person’s name.
  • Phishing scams. With PII, criminals can craft convincing phishing messages that appear to be from legitimate sources. 
  • Account takeover. By obtaining key pieces of PII, bad actors can guess passwords and answers to security questions and gain access to online accounts, ranging from social media to online banking. Once they control these accounts, criminals can perpetrate further fraud, solicit money from contacts, or gather more PII from the account’s connections.
  • Extortion and blackmail. If the PII consists of sensitive or compromising information, criminals might use it to blackmail individuals, threatening to expose the information unless they receive payment or other favors.

Where Is Your PII? 

Understanding where PII is stored can help you manage and protect it.

A consumer’s personally identifiable information can reside in various digital and physical locations, often spanning multiple platforms and institutions. 

Examples include:

  • Social media profiles. Profiles and interactions on social media can reveal a ton of personal information, including full names, birthdates, locations, employment history, and family connections.
  • Financial institutions. Banks, credit unions, and other financial institutions hold detailed personal and financial information, including account numbers, transaction histories, and credit information.
  • Government databases. Various government agencies hold PII related to identity documents, tax records, social security details, and more.

Because PII is distributed across so many different platforms, individuals must be proactive in managing their privacy settings, understanding where their information is stored, and taking steps to protect it.

Keep Your PII Safe

You can take several practical steps to safeguard your PII and minimize the risk of misuse:

  • Think before you share. Be cautious about what you share on social media or when filling out forms online. Ask yourself whether it is necessary to provide all the information requested.
  • Adjust privacy settings. Regularly review and change the privacy settings on all online accounts to limit who can see your information. Opt for the strictest settings that restrict access to your profile and posts to only those you trust.
  • Opt out of data sharing. Many businesses and websites will ask for permission to share your data with third parties. Be proactive in opting out of such permissions, and regularly review any subscriptions or accounts for changes in their privacy policies.
  • Use anonymous or pseudonymous profiles. For online activities that do not require your real identity—such as certain discussion forums or gaming—consider using a pseudonym to avoid disclosing your real name and other personal details.
  • Limit the use of personal email or phone numbers. Where possible, use secondary email addresses and phone numbers for online sign-ups and other forms that require contact information. This can help keep your primary contacts less exposed. 
  • Educate yourself on privacy policies. Before agreeing to use a website or service, take the time to read and understand its privacy policies. Knowing how your information will be used, stored, and shared can help you decide whether to use a specific service.
  • Create strong, unique passwords and turn on multi-factor authentication (MFA). Use different passwords for each account to prevent a breach on one account from compromising others. Whenever possible, enable MFA on your accounts.
  • Be on the lookout for phishing attempts. Learn to recognize phishing emails or messages that attempt to trick you into providing personal information. 
  • Secure your devices. Lock your devices using security features like passwords, fingerprint recognition, or facial recognition. Encrypt your data where possible, especially on devices that contain sensitive information.
  • Monitor your financial statements. Regularly check your statements (credit card and bank) and credit reports for unauthorized transactions or accounts. You can use services that alert you to changes in your credit report.
  • Properly dispose of personal information. Shred documents that contain personal data before disposing of them. This includes bank statements, credit card offers, and other paperwork that may contain PII.