Personally Identifiable Information Personally identifiable information, or PII, is any data that could potentially be used to identify a particular person. Examples include a full name, Social Security or Individual Health Identification number, driver’s licence number, bank account number, passport number, and email address. One of these items on its own might be insufficient to enable an individual to be identified, but if taken together an individual can be identified.
PII is often discussed in the context of data breaches and identity theft. If a company or organisation suffers a data breach, a significant concern is what PII might be exposed—the personal data of the customers that do business or otherwise interact with the entity or its own employees. Exposed PII can be sold on the dark web and used to commit identity theft, putting breach victims at risk.
Sensitive personally identifiable information can include your full name, Social Security number or Individual Health Identification (IHI) number, driver’s licence, financial information, and medical records.
Non-sensitive personally identifiable information is easily accessible from public sources and can include your zip code, race, gender, and date of birth.
Passports contain personally identifiable information.
Social media sites may be considered non-sensitive personally identifiable information.
Advancing technology platforms have changed the way businesses operate, governments legislate, and individuals relate. With digital tools like cell phones, the Internet, e-commerce, and social media, there has been an explosion in the supply and storage of all kinds of data.
The emergence of big data has also increased the number of data breaches and cyberattacks by entities who realise the value of this information. As a result, concerns have been raised over how companies handle the sensitive information of their consumers. Regulatory bodies are seeking new laws to protect the data of consumers, while users are looking for more anonymous ways to stay digital. The GDPR regime in the EU and the CDR regime in Australia contain strict requirements to protect the privacy of individuals for this reason.