The term “PII” stands for personally identifiable information. PII is considered anything that can be traced back to you alone or when combined with another piece of personal information.
According to McCallister, Grance, and Scarfone, PII is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records and (2) any other information linked or linkable to an individual, such as medical, educational, financial, and employment information.”
US General Services Administration says PII is “not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available—in any medium and from any source—that, when combined with other available information, could be used to identify an individual.”
So, what types of information are considered personally identifiable information or PII?
PII includes information that can directly identify an individual, such as a social security number. In addition to directly identifiable information, PII is also comprised of information that can be used to trace an individual’s specific activities.
Specific Examples of PII include, but are not limited to:
- Name, such as an individual’s full name or their mother’s maiden name
- Street address, email address, and IP address
- Identification numbers (i.e., social security number, pass- port number, bank account number, driver’s license number, credit card number)
- Telephone number
- Passwords or answers to security questions
- Information that can be combined with one of the above to trace an individual (i.e., gender, race, birth date, geographic indicators, activities, employment information, medical information, education information, financial information)
Why is this information considered personal and identifiable?
Information is considered identifiable because the information can be used to verify your identity. Social Security numbers, driver’s license numbers, and passports are all widely used forms of identification. If yours falls into the wrong hands, one can easily impersonate you, especially in cyberspace where you most times cannot verify that the person putting in your social security number is actually you by looking at the picture on your ID.
What fits into the category of personal information is going to vary based on the individual. Your passwords and the answers to your security questions are your personal information, but those are going to be different for everyone (hopefully!).
Your personal information includes anything that would be deemed sensitive and could be used by a cybercriminal to directly identify you and your habits. This can include the fact that you go to brunch with your friends every Sunday at that expensive diner on 15th street or that you recently got a promotion working for Y company, and you’ll be making X amount more money now.
Making this type of personal information public can increase your likelihood of being the target of a cybercriminal, because you’re presenting yourself as a suitable target by disclosing your habits and income level.
It also should be noted that not all PII is created equally. A large percent of the world’s population is the same gender as you, so if you disclose that information to someone it doesn’t hold the same risks as you disclosing your social security number, which is unique to you.
Despite this, every piece of your PII should be treated with care and protected because you never know what might happen if it falls into the wrong hands.
Start Your Cyber Curiosity Journey
If you want to take your first step to being cyberaware, pick up my FREE Beginner’s Guide to Recognizing Malicious Messages Online! Also, if you want to take a deeper dive into what it means to explore your cyber curiosity, check out my new book, Cyber Curiosity: A Beginner’s Guide to Cybersecurity – How to Protect Yourself in the Modern World available everywhere books are sold. Here is the link to get your copy on Amazon or Barnes and Noble!