Understanding Personally Identifiable Information: What is PII and how is it protected online? (2023)

Today's world demands that you share your PII, but doing so can pose a security threat. Know which laws apply and how to protect yourself from becoming a victim.

What is PII?

PII stands for Personally Identifiable Information and refers to aindividual's private datawhich can be used to discover your identity.

PII can be confidential and non-confidential. Someone's social security number, passport, or driver's license are unique identifiers and excellent examples of sensitive personally identifiable information.

Non-confidential personal information can become a risk when such data is gathered to indirectly identify an individual.For example, gender, date of birth, ethnicity or medical information can reveal a person's identity when combined with other information.

A company can store PII in a variety of ways, but cybercriminals most often access it when it's available online.

What qualifies as PII?

Experts often disagree on which personal identifiers should be considered PII and how sensitive those items should be. The general rule is to evaluate every bit of personal information from the perspective of the personal harm it could cause if it were lost or compromised.

Here are some common examples of personally identifiable information:

• • *Name: Full name, maiden name, mother's maiden name, etc.
  • *Birth date
  • Government-issued personal identification numbers:Social Security Number (SSN), Passport Number, Driver's License Number, I.D. card, taxpayer identification number, Medicare or Medicaid.
  • Other personal identification numbers:Financial account numbers, credit and debit card numbers, etc.
  • *Contact information: Address, phone numbers and email addresses.
  • Personal characteristics- Biometric information including photos (face and other identification features), retinal scan, fingerprints, handwriting, voice and facial geometry.
  • *Electronic and digital account information:Internet account numbers and passwords.
  • Records and identification of school officials and staff. numbers:Any educational records or identification numbers.

*Of importance:Identity Theft Resource Center, a distinguished expert in the field of identity protectiondoes not consider names, phone numbers, passwords or email addresses to be PII.

The above list does not show every possible example of PII, but it does give an idea of ​​the types of data that need to be protected.

PII sensitivity range

In fact, the scope of PII can be confusing, which is why people often ask about the meaning of PII or the definition of PII. When asked what is considered personally identifiable information, the answer is the same. It is any separate or combined personal data specific to an individual, which could compromise his identity if it fell into the wrong hands. The important thing to note here is that PII can become more or less confidential when combined with other details. For example, name, date of birth and bank account number become harmful when put together.

What is not considered PII?

There is a lot of information about us online that appears personal but is not necessarily sensitive PII. These details are sometimes referred to as non-PII or non-confidential information.

Some examples of non-confidential information include:

• *Name

• Naturalness

• *Birthday

• IP addresses

• Aggregate statistics on the use of services and products

• Cookies
  

How can a name or date of birth be considered non-confidential information? Because many people share the same name or birthday. By itself, a name or birthday is not specific to a person. However, when they go online as part of a cache of information about someone, they become sensitive PII.

We created this infographic to show the spectrum of personal information with one specific goal in mind: to raise awareness of the risks involved in the simple act of sharing your personal information.

What PII data is at risk?

The short answer is that everything is on the line. Credit card and social security information can be sold on the dark web, also known as the online black market.

What we consider less sensitive data, such as names, birthdays, contacts, details, criminal and professional backgrounds, are displayed on social networks and people search sites. Cybercriminals can find these pieces of your PII and combine them to steal your identity and funds.

1. Be careful about sharing your Social Security number on forms such as employment, doctors' offices, and other places that ask for it. It is generally not required in all places that require it. Before you give it to them, ask how they will keep it safe.
2. Remove your personal information from the web by opting out of people search sites. Confidencea representativeto monitor the web and keep you permanently deleted. You can also use ourDIY removal guidesto be removed manually.
3. Do not share too much personal data on social media.

How is PII stolen?

Here are some ways that PII can be compromised:

• A lost or stolen wallet containing identification, credit cards and/or social security numbers falls into the wrong hands.
• data breachthrough website hacking or insider theft.
• Social engineering criminals trick victims into revealing confidential information or trick them into clicking on malicious links that install malware that steals their PII.
• Data transmissions over unsecured or public home Wi-Fi networks allow hackers to steal banking and shopping account passwords.
• email spoofingyphone scamsare used to disclose confidential information.
• Credit card theft devices steal card numbers and pins.
• Unencrypted websites with weak security allow cybercriminals to intercept your personal information when you use them.

What are the dangerous consequences of PII theft?

When criminals have your PII, they can:

• Participate in all kinds ofbank scamsto steal funds, cash checks and open new credit cards in your name, etc.
• Steal your tax returnor government benefits.
• Apply for loans on your behalf.
• Log in to your personal accounts(bank, doctor, email, social networks, etc. to make fraudulent purchases or defraud others.
• Open new phone and utility bills.
• Change your service billing addresses and increase charges.
• Get a new driver's license or official ID in your name to assume your identity, thenuse your identity when questioned by the police.
• Buying drugs or sending fraudulent invoicesfor health coverage you didn't receive.

PII theft has devastating consequences as criminals prey on the victim's life. By the time someone realizes what has happened, they may have lost money, damaged their credit, or even be subject to jail time if a criminal committed a crime using their identity.child identity theftit can go unnoticed for years and create a mess that needs to be fixed later.

If cybercriminals create asynthetic identityusing real PII, such as a social security number combined with false identification information, the resulting harmit can have serious long-term consequences for the victim, causing credit, insurance, tax, and other issues that are difficult to resolve.

How do I protect my PII?

In addition to the security tips we've already shared in previous sections, here's a checklist with specific recommendations to follow to keep your PII safe:

1. Don't keep your social security card in your wallet.
2. Destroy or safely dispose of any printed PII as spam.
3. Avoid storing PII on electronic devices and permanently delete any PII records that are no longer needed on a device.
4. Create and use strong passwordson all digital devices and keep them locked away when not in use. Even if you don't store PII on these devices, you can still use them for transactions that contain your private data.
5. Use antivirus protection andtwo-step verification.
6. Do not use public Wi-Fi or allow strangers to connect to your main Wi-Fi network.
7. Use VPN to protect your data and privacy online. Also, a VPN lets you discoverWhich country has the best Netflix?🇧🇷 It's a win-win!
8. Do not click on links in emails or messages from unknown senders.
9. Use trusted third-party payment services, encrypted websites, and otherssafe methodsfor entry of any PII.
10. proactivelyfreeze your credit reportsto prevent cybercriminals from getting credit with your identity.
11. Monitor your accounts for known data breaches. Many services areavailable to help.

Applicable Laws and Regulatory Institutions

There are several personally identifiable information laws and agencies that protect individuals' sensitive PII. The following are some of the widely known protective laws that govern the handling of PII in the US. However, it is important to note that the protections are not limited to these rules, acts and laws.

COPPA

Children's Online Privacy Protection Rule (COPPA)details the requirementsthat online services targeting children must follow when collecting PII. In some cases, parents of children under 13 can choose what information they want to share with a website. Violation of these rules can result in heavy fines and criminal penalties.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is ashe federalwhich protects private patient information from being disclosed without permission. Individually identifiable health information is protected by HIPAA on a national and standard basis. HIPAA also allows for the flow of non-confidential health data that can be used for public health and wellness.

Personally Identifiable Information The HIPAA rules are very detailed in this law and clarify the protections for patients and guardians.

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects students' educational records. It also provides provisions for parents and students to request data and give permission to release records.

FERPA's protection of personally identifiable information applies to all schools that receive funding from the US Department of Education, but may not apply to some private schools, colleges, or universities.

Privacy Act of 1974

The Privacy Act of 1974established information-gathering practices governing the use, maintenance, and dissemination of PII maintained by the US federal government. Additionally, it provides a means by which citizens can access and request changes to their records.

Some of the agencies that regulate the handling of PII include:

• The network advertising initiative(NAI)
• The Department of Consumer Protection (part of theFederal Trade Commission)
• Consumer Affairs
• The Federal Communications Commission(FCC)
• National Institute of Standards and Technology(NIST)

Frequently Asked Questions About Personally Identifiable Information

What is a PII violation?

LosMost frequent PII breachit's identity theft. But any instance where your personally identifiable information is used or shared without your consent is a violation.

Who owns the PII?

Businesses collect PII about consumers and are responsible for keeping that data secure. Although the information contained in its systems may be about consumers, the company owns these records. In some cases, you may be entitled to see these records if requested. It is your responsibility to make good decisions about how to protect your PII and to make wise decisions about how to share it.

Who is responsible for protecting PII?

Companies and individuals share a responsibility to protect PII. Many companies have personally identifiable information training to ensure that their employees understand how to protect sensitive PII.

What should you do when sending personally identifiable information via email?

PII should never be emailed using an unsecured email. Use encrypted and secure email systems that cannot be easily intercepted by hackers who can steal any personally identifiable information.

What is the best example of protected health information?

Protected health information (PHI) includes PII that can identify a patient and anymedical informationabout that person. A person's disease history is protected from unauthorized disclosure. PHI is legally protected under the Health Insurance Portability and Accountability Act (HIPAA) and can lead tofines of up to $50,000 per violationwith a maximum of $1.5 million per year.

Is it considered a PII VIN?

Yes, a Vehicle Identification Number (VIN) is considered PII as it is specific to a vehicle.

Is the place of birth PII?

Anyexpertsdo not consider your birthplace as non-sensitive information. When added to your name and bank account number, it may become confidential.

Are the last four of the SSN considered PII?

Yes, the last four digits of your Social Security number are confidential PII. This truncated SSN is highly sensitive both independently and in combination with other PII bits.

Is personally identifiable information the same in all states?

There are federal and state laws that define and regulate PII. Personally identifiable information law can vary from state to state. But federal laws, acts, and organizations protect the disclosure of PII across the country. Additionally, different industries have regulatory organizations that require PII handling.

The meaning of PII is understood consistently across all states, as any data thatdirectly identifies an individual.

to wrap

PII violations can be devastating to your life. That's why it's so important to protect your information and take precautions to protect your data and your identity.

Remember, even information that is not considered PII can be reconstructed by cybercriminals, resulting in fraud and identity theft. To avoid this, we strongly recommend that you useOneRep 5-day free trialto remove your personal information from people search sites that expose your PII and other personal data.

Iryna Slabodchikava

Content Strategy Manager at OneRep |LinkedIn