Updated on: March 12, 2024
What is PII?
Personally Identifiable Information is any information that can be used to identify someone. This can include direct information such as name and Social Security number or indirect information such as race and gender. Any information that can be traced back to an individual is considered PII.
It’s important to note that the definition of PII isn’t regulated by any single law or regulation, meaning that it can vary depending on your location. However, the US Department of Labor defines Personally Identifiable Information as:
“Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.”
What qualifies as PII
There are two types of information that qualify as PII.
- Information that can be used to identify an individual on its own
- Information that can be used to identify an individual when grouped with other identifiers
The latter is known as “quasi-identifiers” or “pseudo identifiers” and includes information such as gender, zip code, and age. Individually, they can’t be used to identify someone, but they could when looked at together. This type of information isn’t universally recognized as PII, however. You should check your local legislation to find what qualifies as PII in your area.
Why is it important to remove PII from the internet?
Personally Identifiable Information can enable identity thieves and other cybercriminals to access your financial accounts and credit records. Cybercriminals can use your personal information to send you targeted scams and spam. Cyber extortion, doxxing, and online stalking are other common risks.
Most companies claim they need your PII to optimize user experience. While this is true, many companies also use the data they collect for purposes other than what they openly advertise, such as:
– Influencing your purchases
– Keeping you on their website longer
– Selling your information to data brokers
– Sharing your data with unsafe apps and third parties
How does PII get online?
Believe it or not, you are the main culprit in creating your digital footprint. You put a lot of your personal information online through the websites and apps you use. The good news is that you have control over how much. You can (and should) also stop using any websites or apps that demand too much data as well as those you just don’t need.
Here are some of the biggest ways you put your own personal information online:
– Google (check out our guide on how to remove your info from Google)
– Email accounts
– Smartphone apps
– Social media
– Dating sites
– Personal websites
– Blogs
– Online shopping sites
– Shopping loyalty programs
– Apps downloaded on your phone
– Browser Extensions
Even when these companies don’t deliberately use your personal information in a careless or harmful way, there are still many associated dangers. For example, there were 1,862 data breaches in 2021 alone, a record high in an alarming upward trend in yearly data security breaches.
The biggest culprits when it comes to collecting your personal information without your knowledge are:
– People-search sites
– Data brokers
– Tracking technologies such as browser cookies
– Phone companies
– Banks, credit cards, lenders
The government is another big source of the data you have online. While this information is necessary for the government to have, it’s often easily available for strangers and companies like data brokers to exploit.
The information the government provides includes:
– Birth records
– Death records
– Marriage records
– Licensing records
– Driving records
– Court records
– Criminal records
– Immigration records
What are some examples of PII?
The sensitivity and regulations surrounding the handling of such information may vary depending on the jurisdiction and the context in which the information is collected and used. Examples of PII may include:
- Full Name: John Doe
- Address: 123 Main Street, Cityville, State, 12345
- Phone Number: (555) 555-1234
- Email Address: john.doe@example.com
- Social Security Number: 123-45-6789
- Date of Birth: January 1, 1980
- Driver’s License Number: ABC123456
- Passport Number: A12345678
- Bank Account Number: 1234567890
- Credit Card Number: 1234-5678-9012-3456
- Biometric Data: Fingerprints, retina scans, etc.
- Medical Information: Health records, prescriptions, etc.
- Employment Information: Job title, salary, etc.
- Online Account Credentials: Username, password, security questions.
- IP Address: A unique identifier for internet connections.
- Vehicle Registration Number: ABC123
- Social Media Account Information: Usernames, profile details.
- Tax Identification Number: TIN or EIN.
- Health Insurance Information: Policy number, coverage details.
- Student Records: School ID, academic performance.
- Criminal Records: Mugshots, fingerprints, arrest records.
- Ethnicity or Race Information: Categorized demographic data.
- Military Identification: Service number, rank, and branch.
- Occupation and Employment History: Workplaces, job titles.
- Travel Information: Itinerary details, boarding passes.
- Biographical Details: Hobbies, interests, and affiliations.
- Emergency Contact Information: Names, phone numbers.
- Voice Recordings: Phone call recordings or voice messages.
- Photographs: Especially if linked to other identifying information.
- Financial Information: Investment portfolios, financial statements.
- Utility Account Numbers: Gas, water, or electricity account details.
- Social Services Information: Welfare or government assistance records.
- Employee ID Numbers: Company-assigned identification for employees.
- Device Identifiers: MAC addresses, IMEI numbers, or serial numbers.
- Genetic Information: DNA profiles or genetic testing results.
- Vehicle Identification Number (VIN): Unique codes for automobiles.
- Library Card Number: Identifying information tied to library usage.
- Subscription Services Data: Information from streaming, magazine, or other subscription services.
- Membership IDs: IDs for clubs, organizations, or professional associations.
- Vendor or Customer IDs: Business-specific identifiers for transactions.
- Social Security Benefits Information: Benefit statements and details.
- Pension Account Information: Retirement fund account details.
- Loyalty Program IDs: Reward program memberships and points.
- Online Purchase History: Details about items bought online.
- Employee Biographical Data: Personal details collected by employers.
- Survey Responses: Personal details shared in surveys or feedback forms.
- Job Application Information: Resumes, cover letters, and job history.
- Education Grant Information: Details about scholarships or grants.
- Census Data: Information collected during national or demographic surveys.
- Legal Documents: Marriage certificates, divorce decrees, or court records.
- Digital Signatures: Unique electronic signatures used for authentication.
- Asset Information: Details about property ownership, investments, or valuables.
- Employment Contracts: Details about terms of employment.
- Trade Secrets: Proprietary business information.
- Conference or Event Registration Data: Information provided during event sign-ups.
- Social Security Earnings Statement: Income details tied to Social Security.
- Gambling Account Information: Details about online betting or casino accounts.
- Healthcare Provider Information: Information about healthcare professionals.
- Home Security System Codes: Access codes for security systems.
- VoIP Call Records: Details about Voice over Internet Protocol calls.
- Peer Reviewer Information: Details about individuals who review scholarly articles.
- Homeownership Records: Details about property ownership and mortgages.
- Wire Transfer Information: Details about electronic money transfers.
- Trademark Registration Information: Details about registered trademarks.
- Professional Licensing Information: Details about licenses for various professions.
- Influencer Agreements: Contracts and details for social media influencers.
- Financial Aid Information: Details about student loans or grants.
- Job Evaluation Records: Information related to employee performance evaluations.
- Court Orders: Legal documents issued by a court.
- Visitor Logs: Records of individuals visiting a particular location.
- Employment Eligibility Verification (I-9) Form: Details about an employee’s eligibility to work in the U.S.
- Personal URLs or Usernames: Custom web addresses or online usernames.
- Health and Safety Incident Reports: Records of workplace accidents or injuries.
- Occupational Health Records: Information related to workplace health assessments.
- Customer Feedback Surveys: Responses to feedback requests from businesses.
- Public Records: Information available through government agencies.
- Criminal Justice Records: Information related to criminal investigations or proceedings.
- Insurance Claims Information: Details about filed insurance claims.
- Employment Authorization Document (EAD): Document issued by the U.S. government for work authorization.
- Website Analytics Data: Information about website usage and visitors.
- Client Agreements: Contracts or agreements between businesses and clients.
- Biological Samples: DNA, blood, or other biological material used for testing.
- Travel Reservation Details: Information about booked flights, hotels, or rental cars.
- Genomic Data: Information about an individual’s genetic makeup.
- Healthcare Billing Information: Invoices and records related to medical expenses.
- Commercial Lease Agreements: Contracts for renting commercial properties.
- Emergency Evacuation Plans: Plans detailing procedures during emergencies.
- Disability Records: Information about an individual’s disabilities and accommodations.
- Utility Usage Data: Information about electricity, water, or gas consumption.
- Livestock Identification Tags: Tags used in agriculture to identify individual animals.
- Patent Filings: Information related to filed patents and inventions.
- Parental Consent Forms: Documents granting permission for activities involving minors.
- Voter Registration Information: Details recorded when individuals register to vote.
- Event Ticket Purchases: Information about tickets bought for concerts, sports events, etc.
- Library Borrowing Records: A history of books or materials borrowed from a library.
- Public Assistance Records: Information about government aid or assistance programs.
- Retirement Account Information: Details about individual retirement accounts (IRAs) or pensions.
- Immigration Documents: Visas, green cards, or other documents related to immigration status.
- Social Media Posts: Content shared on social networking platforms that can reveal personal details.
- Employment References: Information provided by previous employers about an individual’s work history.
- Vendor Contracts: Agreements with suppliers or service providers that may include personal information.
- Webinar Attendance Logs: Records of individuals attending online seminars or webinars.
- Customer Loyalty Program Data: Information collected through customer loyalty programs.
- Police Incident Reports: Reports detailing incidents involving law enforcement.
- Employee Time and Attendance Records: Records of hours worked by employees.
- Employee Benefits Information: Details about workplace benefits, including health insurance and retirement plans.
- Membership Lists: Lists of individuals belonging to clubs, organizations, or associations.
- Internet Search History: Records of online searches conducted by individuals.
- E-commerce Transaction Data: Details about purchases made
What doesn’t qualify as PII?
Any information that doesn’t fall into one of the two categories described above generally doesn’t qualify as PII. This could be statistics on the use of a product, age range, masked IP address, or information collected by the government for a census.
In short, if the information can’t be used to positively identify an individual alone or grouped with other quasi-identifiers, it is not considered PII.
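The effect of quasi-identifiers described earlier, and of the coarsened values (such as an age range) mentioned in this section, can be measured. The following is an added example, not part of the original article: it computes k-anonymity (the size of the smallest group of records sharing the same values) over constructed sample records. The function names, the zip-prefix generalisation and the data are assumptions made for illustration.

```python
from collections import Counter

GENDER, ZIP, AGE = 0, 1, 2  # column positions in each record

# Constructed sample data (not real people): gender, zip code, age.
RECORDS = [
    ("F", "90210", 34), ("M", "90210", 34), ("F", "90210", 36),
    ("M", "90211", 36), ("F", "90211", 34), ("M", "90211", 38),
    ("F", "90212", 38), ("M", "90212", 36), ("F", "90212", 38),
    ("M", "90210", 38),
]


def group_sizes(records, columns):
    """Count how many records share each combination of the chosen columns."""
    return Counter(tuple(r[c] for c in columns) for r in records)


def k_anonymity(records, columns):
    """Smallest group size; k == 1 means someone is singled out."""
    return min(group_sizes(records, columns).values())


def unique_fraction(records, columns):
    """Share of records that are the only one with their combination."""
    sizes = group_sizes(records, columns)
    alone = sum(1 for r in records if sizes[tuple(r[c] for c in columns)] == 1)
    return alone / len(records)


def generalise(record):
    """Coarsen a record: 3-digit zip prefix and a 10-year age range."""
    gender, zip_code, age = record
    decade = age // 10 * 10
    return (gender, zip_code[:3] + "**", f"{decade}-{decade + 9}")


if __name__ == "__main__":
    combined = [GENDER, ZIP, AGE]
    for name, cols in [("gender", [GENDER]), ("zip", [ZIP]), ("age", [AGE]),
                       ("all three", combined)]:
        print(f"{name:10} k={k_anonymity(RECORDS, cols)} "
              f"unique={unique_fraction(RECORDS, cols):.0%}")
    coarse = [generalise(r) for r in RECORDS]
    print(f"{'coarsened':10} k={k_anonymity(coarse, combined)} "
          f"unique={unique_fraction(coarse, combined):.0%}")
```

On this sample, each attribute alone leaves every person in a group of three or more, the three combined single out eight of the ten records, and coarsening the zip code and age puts everyone back in a group of five.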
Types of PII
There are two main types of PII: non-sensitive and sensitive.
Non-sensitive PII
Non-sensitive PII is information that is not considered sensitive and can typically be shared without much concern.
Examples of non-sensitive PII include:
- Age
- Gender
- Race
- Occupation
- Education level
- Religion
- IP address
- MAC address
Sensitive PII
Sensitive PII is information that is considered private and shouldn’t be shared, except under specific, limited circumstances and with great care. In the wrong hands, this kind of information can be used to scam, ransom, stalk, harass, or steal the identity of the person the information belongs to.
Examples of sensitive PII include, but are not limited to:
- Full name
- Social Security number
- Driver’s license number
- Passport number
- Address
- Email address
- Phone number
- Bank account number
- Credit card number
- Medical records
- Fingerprints
- DNA
Laws protecting PII around the world
Since there is no universal definition for Personally Identifiable Information, it’s important to be familiar with your local data privacy laws and regulations. Here is a brief overview of some of the privacy laws in different countries:
United States
In the United States, there are several laws that protect PII. The most well-known is the Health Insurance Portability and Accountability Act (HIPAA), which protects the PII of individuals in the healthcare industry. The Federal Trade Commission (FTC) also has regulations in place to protect PII, such as the Fair Credit Reporting Act (FCRA) and the Children’s Online Privacy Protection Act (COPPA).
Additionally, 5 states have comprehensive data privacy laws. These include:
- California – The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
- Colorado – The Colorado Privacy Act (CPA)
- Connecticut – The Personal Data Privacy and Online Monitoring Act, also known as the Connecticut Data Privacy Act (CTDPA)
- Utah – The Utah Consumer Privacy Act (UCPA)
- Virginia – The Virginia Consumer Data Protection Act (VCDPA)
If you live in another state and want to know which laws and regulations protect your PII, you can find a detailed state privacy legislation tracker here.
Europe
In Europe, PII is protected by the General Data Protection Regulation (GDPR). This regulation applies to all organizations that process the PII of individuals in the European Union (EU). It gives individuals more control over their PII and requires organizations to be more transparent about how they use PII.
Canada
Canada has one centralized law that protects PII called the Personal Information Protection and Electronic Documents Act (PIPEDA). This law regulates how private sector organizations can collect, use, and disclose personal information.
Australia
In Australia, PII is protected by the Privacy Act 1988 (Privacy Act). This law regulates the collection, storage, use, and disclosure of personal information, whether by the federal government or private entities. Later amendments regulate the use of healthcare identifiers and establish the obligations of entities that experience data breaches.
New Zealand
In New Zealand, PII is protected by the Privacy Act 2020, which governs the handling of personal information in New Zealand. It aims to provide stronger protection for individuals’ personal information and places more obligations on organizations to protect that information. It also gives individuals more rights in relation to their personal information, including the right to access and correct that information.
How to Protect your PII
While it is not possible to completely protect yourself from PII theft, there are steps that you can take to reduce the opportunities for thieves to steal your information.
- Lock your mailbox or PO box to make it harder for thieves to steal your PII.
- Remove personal identification from junk mail and other documents.
- Avoid carrying more PII than you need.
- Use a unique, complex password for each online account.
- Encrypt your sensitive data.
- Use a unique password for each device you own.
- Reformat your hard drive whenever you sell or donate a computer.
- Optimize the privacy settings on social media and be cautious about sharing too much.
- Be extra cautious about revealing too much data on your children.
- Check for breached passwords on Have I Been Pwned? and similar websites.
It is important to weigh the convenience of certain services against the potential risks to your privacy. While it may be convenient to log in to services with credentials from platforms such as Facebook or Google, it also means more access points for hackers if they gain access to one of your accounts.
PII theft is a serious issue that affects many people. By being aware of the tactics used by thieves and taking steps to protect your information, you can reduce the risk of becoming a victim of identity theft.