What is personally identifiable information (PII)?
Personally identifiable information (PII) is, as its name suggests, any data that can be used to distinguish or trace an individual’s identity. Criminals can use PII to commit identity and credit card fraud.
US legislation seeks to protect PII and govern its collection and use. According to the Office of Management and Budget (OMB), this extends to information which can identify an individual “when combined with other personal or identifying information which is linked or linkable to a specific individual”.
What is the difference between linked and linkable PII?
There are two categories of PII: linked and linkable information. Linked information is personal data which, on its own, can confirm someone’s identity. Examples of linked PII include:
- Full name
- Social Security Number
- Home address
- Credit card numbers
- Passport number
- Driver’s license number
- Log in details
Linkable PII may not be enough to confirm someone’s identity on its own. It can potentially distinguish or trace an individual when combined with other pieces of data. This can include details like someone’s occupation and workplace, the state they reside in, or their ethnicity.
Does computer data count as PII data?
In an ever-growing digital world, government organizations are broadening their definitions of PII. IGeneral Data Protection Regulation (GDPR) came into force across the EU in 2018. This change to EU law sets out new guidelines for the collection of personal information for all citizens in the 28 EU member states.
GDPR recognises “online identifiers” as personal data, including elements such as IP addresses and cookies. It states that these online identifiers, “may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them”.
US organizations are also recognizing online data as PII. The Federal Trade Commission (FTC) stated: “we regard data as ‘personally identifiable’, and thus warranting privacy protections when it can be reasonably linked to a particular person, computer or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test”.
How to keep your PII secure
Always exercise caution when anyone requests your PII. Criminals can pose as trusted sources, such as your bank or credit card issuer, to steal your information. They may contact you via email as part of a phishing scam or call you, as is the case with interest rate reduction scams.
Be wary of unsolicited calls or emails and never share your information unless you can confirm the request is from a trusted source. If you’re unsure, contact your bank or credit card issuer directly.
You can protect your device from malicious programs like malware by keeping your antivirus software up to date. Malicious programs can track your online activity and keystrokes to steal sensitive information. Criminals can also use unsecured Wi-Fi networks to obtain your details, so avoid connecting to them if possible. You can also use VPN technology to encrypt your data.
Ensure you use strong passwords and security questions that criminals can’t easily guess. Criminals might also use details on social media sites. Your social media profiles can contain linkable PII, such as your workplace, home city, and where you went to school.
They can also provide answers to common security questions, such as your pet’s name or where you met your partner. Make your profiles private and set up two-factor authentication to keep your accounts secure.
Regularly monitor your bank and credit card statements, as well as your credit reports for unauthorized activity. This can include unfamiliar transactions or applications for credit. If you spot anything suspicious, report it immediately to your card issuer. You should also contact one of the three major credit bureaus to dispute any inaccurate information and set up a fraud alert.