PII, or personally identifiable information, is an important aspect of online security and privacy. This guide can help you understand what PII is, the risks involved and how to protect it.
What is PII
PII refers to information that can be used to identify you. It includes information like your name, date of birth, passport number, Social Security number (SSN), payment information and more.
Sensitive PII vs. Non-Sensitive PII
PII can be categorized into two types: sensitive personal information and non-sensitive personal information.
Sensitive Personal Information
Sensitive personal information is anything that can cause personal damage if it is compromised or lost. This type of PII may have rules restricting disclosure due to contractual, legal or ethical requirements.
Examples of sensitive personal information include things like your SSN, credit card information, medical records and passport or driver’s license details. This data should be securely protected by both the individual and the organizations storing it to prevent identity theft and other fraud.
Non-Sensitive Personal Information
Non-sensitive personally identifiable information, on the other hand, is PII that is easily accessible from public records like phone books, corporate directories or social media. These data points include zip codes, gender, date of birth and race. These pieces of information, by themselves, can be anonymous and are probably not damaging if released on their own. For example, if someone has your zip code and gender, it probably isn’t enough information for them to impersonate you and open new credit accounts in your name.
However, this non-sensitive information can be linked to sensitive PII – like different pieces of a puzzle coming together to reveal who you are. Unfortunately, as data breaches compromise sensitive information, it’s becoming easier for cybercriminals to implement de-anonymization strategies that piece together sets of non-sensitive and sensitive PII to identify anonymous pieces of data.
Data Breaches and PII Risks
So, why is PII important? The key lies in the risks associated with the age of data.
Technology has changed the way we do everything, from business and government to how we interact with one another. Smartphones and social media platforms are commonplace. These tools consistently collect massive amounts of data about our identities and behaviors.
Organizations collect this data to optimize the user experience. It is what allows Netflix to recommend the movies and shows we might like, and Amazon to suggest products that we may be interested in. The goal is to make our lives easier.
However, as PII goes digital, it has become a major source of financial gain for hackers, identity thieves and other criminals. According to the Federal Trade Commission, there have been 1.7 billion records exposed in data breaches within the last 15 years. If cybercriminals gain access to leaked PII, they can sell it to buyers on the dark web that can use it to carry out criminal activities like identity theft and payment fraud. Last year alone, there were 14.4 million cases involving fraud, identity theft and other related problems leading to $16.9 billion in losses.
Some notable data breaches include the breach on Adobe where hackers stole 153 million user records, including names, passwords and payment information. Or there was the hack on the health insurance provider Anthem Inc. that compromised more than 37.5 million records that included SSNs. On average, there are three data breaches a day, according to the Identity Theft Resource Center.
The leak of PII in incidents like these has led regulators to develop new laws to protect consumer data. But, ultimately, consumers need to take their own measures to protect information from being spread on the dark web.
How to Protect Your PII
Data protection laws help limit the PII that organizations collect and require them to anonymize any information that is shared with third parties.
Strong Password Habits
As a consumer, there are things you can do as well. This includes adopting better password habits. Enable two-factor authentication whenever possible, and update passwords regularly using best practices. For example, you should not use things like your date of birth, children’s names, or pet names – these details can be easily discovered or guessed, leaving your accounts at risk of account takeover.
Credit Report and Identity Theft Monitoring
Another great solution to protect your PII is identity theft protection that includes active credit report monitoring, identity monitoring, dark web monitoring and identity theft insurance. These tools and resources give you the advantage of acting quickly if you receive alerts for suspicious activity. These services can provide a safety net in the case of unforeseen monetary losses due to identity theft.
With PII being so valuable, consider taking the next steps in better data management habits, so you can navigate the digital world with peace of mind.