What is Personally Identifiable Information (PII)?

Personally Identifiable Information (PII) is any information about an individual that can be used to identify that person or distinguish them from other people. This can include but is not limited to a full name, Social Security Number (SSN), Driver’s License Number, financial information, Internet Protocol (IP) address, passport details, racial and gender information, birthdate, and digital images.

The amount of data collected by any individual organization, institution, or government can vary widely. For example, a business collecting Social Security Numbers for a job application is likely to have much more personal information on file than a website asking for a home address to personalize advertisements.

Any organization that collects, stores, and uses PII has the responsibility to protect it. This means understanding the risks associated with collecting and storing data and taking precautions to protect it. Different types of PII pose different levels of risk and therefore warrant different levels of protection. Sensitive PII is highly sensitive information and requires stronger security measures and higher levels of privacy. Examples of sensitive PII include full name and SSN.

Non-sensitive PII, such as zip code and date of birth, does not possess a high enough risk to warrant the same level of protection as sensitive data. For example, a website might ask for a zip code to help target ads to its users without needing to ask for explicit permission for each ad. However, strong data security is still important for any PII, regardless of the type or sensitivity level.

Social media sites are often used to collect non-sensitive PII, as the data collected is publically available and users have agreed to share it freely by signing up for the site. Additionally, social media can become a repository of sensitive data, as users often freely share personal details with their contacts. This data can be misused if not adequately monitored and managed, and as reported in the news, can have devastating consequences.

Organizations need to take responsibility to make sure they are protecting any PII they have collected and stored in order to avoid any possibility of a data breach. This includes instituting strong security measures, creating a detailed data protection plan, and regularly monitoring for any suspicious activity. Additionally, organizations should educate their employees and stakeholders about the importance of data security and the dangers of data breaches.

Ultimately, the bottom line is that PII needs to be thoroughly protected to protect individuals from identity theft and other malicious activities. Organizations must understand the importance of collecting and using data responsibly, adhere to any applicable laws and regulations, and invest in robust security practices to protect personal data.