What is Personally Identifiable Information (PII) & How to Protect It
Personally identifiable information (PII) is any piece of data that can be used to identify an individual. According to the National Institute of Standards and Technology (NIST), this is information that “can be used to distinguish or trace an individual’s identity.”
In this quick guide, we cover how to protect your PII online, including how to remove your personal info from Google. Before we jump into that, let’s cover exactly what’s considered PII and common risks you should be aware of.
PII includes (but is not limited to):
• Full Name
• Social Security Number
• Driver’s Licence Number
• Passport Number
• Taxpayer Identification Number
• Credit Card or Bank Account Number
• Biometric data
• IP Address
• Email Address
• Personal Mailing Address
• Personal Phone Numbers
• Etc.
PII doesn’t necessarily have to be information directly linked to a specific individual. It can also refer to data that when combined with other types of information, it can point to the identity of an individual. For example, a date of birth becomes identifiable info when combined with one of the PII data points above.
Some other supporting data points include:
• Date of birth
• Race
• Religion
• Place of birth
• Online behavior
• Employment information
• Etc.
This type of information is commonly referred to as “non-sensitive PII”. An example of “sensitive personally identifiable information” is your social security number. There is only one social security number per individual and therefore poses a huge risk if someone other than you comes into possession of it.
PII & Online Privacy Risks
As you can imagine, your information getting into the wrong hands can result in devastating consequences. The most common risk is falling victim to identity theft or a hack.
According to a 2019 study, over 14.4 million people per year are a victim of identity fraud. Identity thieves typically use a combination of data from different sources to get the information needed to open credit cards, take out loans, make erroneous purchases in your name, and more.
Other risks include an increase in telemarketers, robocalls, spam. Although less devastating than identity theft, these other risks are an annoyance nonetheless. The more readily available your info is on the web, the more likely companies and organizations will use it for their own gain.
What puts your PII at risk in the first place?
There are 3 compounding factors that leave your PII, and identity, vulnerable online.
1. The sheer volume of companies with your info
Think of the number of places that could have your information (there are probably way more than you even realize). Every account you’ve created, website you’ve visited, survey/form you’ve submitted, newsletter or mailing listing you signed up for, etc. contributes to a digital breadcrumb of organizations with your PII.
The type of information ranges greatly (for example, few places would have access to your full social security details).
2. The proliferation of data breaches
The more companies that have your info, the more susceptible you are to having that info involved in a data breach. A data breach occurs when a hacker or cyber-criminal breaks into a source of data and steals sensitive information. This information is then commonly leaked to the dark web and exposed to any number of unsavory characters. To date, there have been over 494 major data breaches on the dark web.
The type of info found in these breaches vary greatly and don’t always include the necessary PII for criminals to do anything meaningful with. Identity thieves and hackers then turn to search engines to fill in the “gaps” of data they need.
3. The availability of PII on Data brokers
The prime resource for your info finding its way into search engines are data brokers. These are websites that aggregate personally identifiable information for individuals and make it easy for anyone to access it – equivalent to that of a phone book or directory online. There are dozens of these types of sites — Whitepages, TruePeopleSearch, Intelius, and Spokeo to name a few.
Info available on these sites include addresses, phone numbers, email addresses, age, relatives, marriage/divorce records, property records, criminal records, legal documents, and more.
A common example of an identity thief “filling in the gaps” with a data broker is finding answers to common security questions, like your mother’s maiden or the mascot of your high school.
How to safeguard your PII on the web
The good news is there’s a number of steps you can take to better protect your PII data online.
Remove personally identifiable information from data brokers
One of the most important things you can do is remove your information from public data brokers and people search sites. Fortunately, these sites do offer a way to opt out and remove your info from their databases. Each website has its own procedure for removing PII and it’s important that you monitor these sites to ensure your info doesn’t crop up again in the future. We developed a tool that identifies and removes your data from 50 of the most popular brokers exposing it online — get a free scan to see where your info is exposed.
Know when your info has been involved in a breach
As they say, knowledge is power. Although a data breach can’t be undone, knowing your info has been removed helps you to remain vigilant. If you are involved in a breach, steps like changing your password to the breached account and keeping an eye on your financial institutions can help to mitigate any risk. Check out our dark web scan in our DIY tool, it notifies you if your email is involved in a known breach.
Delete any vulnerable unwanted accounts
Do a little spring cleaning and delete any old or unnecessary accounts. This helps get ahead of any problems down the line. There may be a lot of accounts from our over the years — our free Account Deletion tool helps you find and delete any accounts you may no longer be using.
Staying on top of what personally identifiable information can exist about you on the web and following the best practices is crucial to better protect your identity on the web.