What Is Personally Identifiable Information or PII?
by admin
It seems like, ever since 9/11, our right to privacy has slowly been eroding. Governments and big companies see a huge opportunity in new technologies that allow them to pry into our personal lives for fun and profit.
To some people, this technology might seem benign. You might get a few spam emails and telemarketer calls… but that’s about it.
But the reality is that this information can cause a lot of damage if it gets into the wrong hands.
- How would your boss react if he found out you have cancer?
- How would your family or church react if they discovered your sexual history on the Internet?
- What if a criminal found out that you were rich, and decided to rob your house or kidnap you?
- What if a rival was able to track you down and hurt you?
- What if the police could use confidential information to force you into giving up your rights?
- What if incorrect or slanderous information about you were released on the Internet, and then could not be taken down?
Many companies try to justify these invasions of our privacy by claiming that they don’t collect any “Personally Identifiable Information” or PII. But what exactly constitutes PII?
The criteria for what makes information personally identifiable are set by law, and vary depending on which state or country you are dealing with. This makes things especially difficult when dealing with online information that may be distributed across several countries.
The general consensus, however, is that the following are considered to be Personally Identifiable Information:
- The individual’s first and last name. This is why it helps to have a common name such as Joe Smith.
- The computer’s IP address, although this might not always be considered PII, since most internet providers regularly rotate IP addresses dynamically and have several users on the same IP address at once.
- Home address, email address or phone number.
- Photographs, fingerprints or any other unique physical traits such as dental records.
- Handwriting or signatures.
- Credit card numbers, bank account numbers or any other form of digital identity.
- Date of birth or location of birth.
- Genetic data relating to the individual’s DNA. This is of increasing concern in areas relating to health, employment and insurance.
- National identifiers such as your social security number.
- License plates or driver’s license numbers.
- Information which might have been shared with a doctor, priest, lawyer, or any other person with whom the client may have had an expectation of privacy.

There is, however, a debate raging about certain types of broadly identifying information which can be combined to form a unique profile of the individual.
For example… by combining your OS version, screen resolution, browser plug-ins, screen colors, Java support, and other data… a web site could theoretically generate a completely unique fingerprint of your machine without ever having to place a cookie on your computer or track your IP address.
Also, if I were to write an article describing “a 25-year-old, brunette, female biology student at Harvard who plays on the volleyball team”, you could possibly track this person down and identify them fairly easily.
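The same effect can be measured on data you already hold. The following is an added example, not part of the original article: it audits a set of records to show how attributes that are each shared by many people become identifying once combined, using the smallest group size (commonly called k-anonymity) as the measure. The records and field names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: visitor records with no name, IP address or cookie ID.
FIELDS = ["os", "screen", "plugins", "java"]
ROWS = [
    ("Windows 10", "1920x1080", "pdf",       True),
    ("Windows 10", "1920x1080", "pdf",       False),
    ("Windows 10", "1920x1080", "pdf,flash", True),
    ("Windows 10", "1366x768",  "pdf",       True),
    ("macOS",      "1920x1080", "pdf",       True),
    ("macOS",      "1920x1080", "pdf,flash", True),
    ("macOS",      "1440x900",  "pdf",       False),
    ("Windows 10", "1366x768",  "pdf",       True),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]


def group_sizes(records, fields):
    """Count how many records share each combination of values for `fields`."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def k_anonymity(records, fields):
    """Smallest group size; k == 1 means some record is unique on these fields."""
    return min(group_sizes(records, fields).values())


def unique_fraction(records, fields):
    """Share of records that no other record matches on `fields`."""
    sizes = group_sizes(records, fields)
    alone = sum(1 for r in records if sizes[tuple(r[f] for f in fields)] == 1)
    return alone / len(records)


def audit(records, fields):
    """Add one field at a time and report (fields, k, unique share) per step."""
    steps = []
    for n in range(1, len(fields) + 1):
        subset = tuple(fields[:n])
        steps.append((subset, k_anonymity(records, subset),
                      unique_fraction(records, subset)))
    return steps


if __name__ == "__main__":
    for subset, k, share in audit(RECORDS, FIELDS):
        print(f"{' + '.join(subset):32} k={k}  unique={share:.0%}")
```

Running the audit over a real export before storing or sharing it shows which combinations of "non-PII" columns need to be dropped or coarsened.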
This is especially important for businesses. From a marketing perspective, the information which you are unknowingly storing might be putting your company at risk of a lawsuit. And from a corporate risk perspective, your employees might accidentally leak private company information that could put your company at risk of fraud… or allow your competitors to gain dangerous competitive information about your company.
With increasing bandwidth speeds, cheaper storage, and the rise of mobile computing, Personally Identifiable Information is something that your company needs to start thinking about today.















