Personally Identifiable Information (PII)
Personally Identifiable Information, also known as PII, is any information that can be used to identify an individual. This kind of information can be used on its own, or in conjunction with other information that helps to identify an individual. Some examples of PII would be your full name, driver’s license number, social security number, passport number, email address, vehicle registration number, biometric data (face, retinal, or fingerprint scans), birthdate, and telephone number.
Keep in mind that the above list is not “all-inclusive”, and there are many other forms that PII can take, like your medical, employment, or financial histories.
Why should I care about my PII?
In today’s digital world, your PII is your identity. So, issues arise when PII is mistreated and ends up in the wrong hands. Most often, PII is referenced when speaking about identity theft, data breaches, or general online privacy and security issues. When a company experiences a data breach, any PII that is being stored by that company can end up falling into the wrong hands and sold on the dark web with the intention to be used to commit identity theft.
Once your PII ends up on the dark web, it can be assembled by hackers and ID thieves to take over your identity. Typically, a single piece of PII is not enough for an ID thief to commit fraud, but by compiling a few pieces of PII from sources on the dark web or from data brokers, an ID thief can begin strategizing against a potential target.
Identity Theft is Real
It’s important to emphasize that identity theft is very real. In 2020, there were 1.4M cases of reported identity theft in the US, an increase of 53% over 2019. Someone new is impacted by identity theft every every two seconds.
- The National Center for Victim Research reports 7 – 10% of the US adult population are victims of identity theft every year
- Individuals reported losses of $3.3 Billion to identity theft in 2020
- The FTC estimates that 9 million identities are stolen each year
- One million child identity theft incidents occurred in 2020
- Every year, 15 million Americans become victims of identity theft
Your PII and You
PII serves at least one legitimate purpose online: to allow marketing companies to serve you better ads. By compiling general information like your email address, gender, age range and browsing tendencies, data mining companies can create profiles about you which are then sold to marketing companies who serve ads on your Facebook or Instagram feeds, or banner ads on that website you’re visiting.
Unfortunately, there are negative implications with data profiles like this being created. Medical records have been sold to data brokers since the introduction of HIPAA (Health Insurance Portability and Accountability Act) in 1966 using “anonymized data” (health records with unique identifiers removed like name, social security number, or address). Even though the data is mostly “anonymized”, when cross-referenced against other databases, it can be used to build a health record about you, in-turn destroying the data’s anonymity.
These kinds of profiles open the doors to prejudice from health insurance providers or even potential employers – imagine a world where you’re denied a job or health insurance because you did a Google search for “cancer symptoms”.
Protecting Your PII
Even in today’s world of frequent data breaches, consumers are still forced to give out their personal information on a regular basis in order to use the products and services that they need. Because of this, it seems like an impossible task to try and protect your PII from getting into the wrong hands.
Thankfully, you’re not helpless, and you can use these tips to protect your PII:
- Be cautious of what you share on social media
- Remove your personal information from data broker websites (or use DeleteMe)
- Use a Masked Email address when signing up for a new service or mailing list online
- Use a Masked Credit Card when asked for a credit card online
- Use a VPN to disguise your device’s IP address and encrypt your browsing activities
- Request that your information be erased from a company’s database if you no longer need their product or service
The simplest and best thing you can do to protect your PII is to stop giving it out whenever it’s asked of you. Unfortunately, many times you’re still required to provide your real information in order to access a product or service, and you’re forced to trust the company you’re giving it to. Still, there are many things you can do to protect your PII, and your safety should always be prioritized.