Blog

Security

ID Theft

Security

Article Timeline

What is Personally Identifiable Information? PII Definition + Examples

Reading time: 8 min read

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Table of Contents

What is PII?

Identity theft is one of the most rampant cyber crimes in the world. Identity theft statistics show that 889 million data breaches occurred in 2021, affecting over 150 million people.

Data gets stolen mainly because of the careless use of PII or Personally Identifiable Information.

Your PII needs protecting. In this article, learn the definition and examples of PII and how to boost your information security to guard yourself against cyberattacks.

🔑 Key Takeaways:

PII, or Personally Identifiable Information, encompasses details that directly or indirectly establish an individual's identity, such as full name, phone number, and social security number.

Sensitive PII, like social security numbers, credit card information, and medical records, requires encryption for protection, while non-sensitive PII, such as gender and workplace details, can lead to identity exposure.

Legal regulations, including the California Consumer Privacy Act (CCPA) and Europe's General Data Protection Regulation (GDPR), exist to safeguard PII, with various countries worldwide having privacy laws to address the collection, use, and sharing of private information.

What is PII?

Personally Identifiable Information (PII) is any information that determines an individual’s identity directly or indirectly.

PII includes a person’s full name, phone number, or social security number. These information pieces are also considered Direct Identifiers as they identify anyone with no supplementary information.

On the other hand, ethnicity, age, and race are called Indirect Identifiers because they can only be linked to a person with the help of more identifiers.

Uses of PII

PII is used to identify and locate users. It also leverages enterprises in classifying which data should be stored, processed, or managed for their gains. Since it uniquely distinguishes consumers from one another, businesses employ it to develop or improve services, products, and ads.

PII collection has grown over the past decades. Although storing personal information has helped enterprises, it has also invited cybercrimes.

PII attracts many cyberattacks. Hackers are known to cause data breaches and steal PII. They tend to hold them captive through deviant ransomware or sell stolen PII on the dark web.

The latest statistics revealed that 15 million Americans had their IDs stolen in 2021 alone. Moreover, 75% of companies have admitted to dealing with data breaches, causing significant disruptions to their businesses.

Sensitive PII vs. Non-sensitive PII

Experts divide PII into two groups: Sensitive and Non-sensitive. Identity thieves usually steal Sensitive PII because it gives them access to a person’s properties and finances.

Sensitive PII has to be transmitted and stored with encryption, something that Non-Sensitive PII can go without.

Sensitive PII

Sensitive PII is information that could cause significant harm to a person if it’s lost, stolen, compromised, or disclosed without authorization.

Examples of Sensitive PII are:

Full name
Mother’s maiden name
Biometrics like DNA or fingerprints
Email address
Personal or home phone number
Social security number (SSN)
Passport code or number
Driver’s license
Credit card information
Debit card information
Other financial or bank information
Medical records
Criminal records

💡Did you know?

In January 2023, a famous American restaurant, Five Guys, admitted to a large data breach back in September 2022. COO Sam Chamberlain addressed the cybercrime in an open letter, only admitting it months after the attack. Hackers stole sensitive PII from employees and customers, such as names, social security numbers, and driver's license numbers.

Non-sensitive PII

Indirect or Non-sensitive PII can be accessed from public sources like the Internet, phonebooks, and corporate directories.

Non-sensitive PII is still linkable information that can reveal a person’s true identity. If combined with the other PII type, Non-sensitive PII becomes sensitive.

Indirect PII can be:

Work phone number
Work email address
Workplace
Gender
Zip code
Date of birth
Place of birth
Religion
Race

✅ Pro Tip:

If you’re looking for someone, you can access some of their PII through People Finders. You can also use reverse lookup services to determine that person’s current location.

Examples of PII

The internet stores a lot of identifiable information about you. Below is a list of extensive identifiers to help you familiarize and safeguard your PII:

Name:

full name
maiden name
mother’s maiden name
alias

Birth information:

Date of birth
Place of birth

Geographical indicators:

Mailing or street address
Zip code

Contact information:

Personal phone numbers
Personal email addresses

Personal characteristics:

Gender
Religion
Race
Handwriting
Photographic IDs or images of your face

Biometrics:

Fingerprint
Facial geometry
Retina scan
Voice signature

Government identification numbers:

Social Security Number (SSN)
Passport number
Taxpayer identification number
Driver’s license number
Other Government-issued ID numbers

Financial information:

Bank account numbers
Credit card numbers
Debit card numbers

Information that identifies properties owned:

VINs
Title numbers

Asset information:

Internet Protocol (IP)
Media Access Control (MAC)

Occupational or employment information:

Professional license number
Place of work
Employee ID number
Workplace address
Business or workplace phone number
Business or Workplace email address

Medical records and patient identification numbers
Educational records
Criminal records

⌛️In a Nutshell

There’s a long list of identifiable information about you. These nuggets of information can range from your name to your biometrics to your medical records. Knowing which PII can truly compromise you is the first step to keeping yourself safe online.

Laws Surrounding PII

There are several ways to protect your digital footprint. However, one of the best is to familiarize the regulations to prevent nefarious people and organizations from stealing and misusing your PII.

Several laws in the world mention PII, including the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Not complying with these PII laws can lead to fines and litigation.

Federal Privacy Regulations in the US

Instead of having just one unified PII law, the US has a few federal laws that state how to handle an individual’s data.

The country also has a governing body that prosecutes illegal PII collection and use.

The Privacy Act of 1974 protects people against the invasion of privacy by federal agencies and institutions that work with them.
The California Privacy Act (CCPA) explains a person’s right to know the information that a business collects from them and how it’s used and shared.
The Health Insurance Portability and Accountability Act (HIPAA) exacts how healthcare organizations should gather and protect patient PII and other medical records.
The Children's Online Privacy Protection Act (COPPA) watches over how companies gather and save information from 13-year-old children and younger.
The Gramm-Leach-Bliley Act (GLBA) compels institutions that sell financial products or services like insurance, financial or investment advice, or loans to explain their information-gathering and sharing practices to clients.
The Fair Credit Reporting Act (FCRA) watches over consumers' credit information and access to credit reports.
The Federal Trade Commission Act (FTCA) has investigative, law enforcement, and rulemaking authority on companies that have deceptive schemes in using PII.

International Privacy Regulations

Each country has a different law that protects PII.

About 71% of all countries have legislation to protect their citizens’ privacy. These laws focus on collecting, using, and sharing private information without giving notice or consent from consumers.

In Europe, the EU's General Data Protection Regulation (GDPR) guides and regulates how companies worldwide handle customer personal information.
Australia has the 1988 Privacy Act to protect citizens from the invasion of privacy by companies and government agencies.
The Indian Digital Personal Data Protection Bill of 2022 proposed revising the 2018 version. It would require bodies to get explicit consent before collecting data unless it’s in the public’s interest.
China has Personal Information Protection Law (PIPL) protects personal information and addresses data leakage problems.

Protecting Your PII

Enterprises are legally responsible for keeping your PII safe. However, it’s up to you to ultimately safeguard them.

Cybercriminals could use your PII to commit fraud or other crimes. Identity theft can be a traumatic experience and can even cost millions. For one thing,

So you should be more attentive in using your private information online. Here are simple and helpful ways to protect your PII and retain your anonymity:

Practice identity security to protect your digital assets from unauthorized access.
Research the website that asks for your information and pay attention to its privacy policy.
Set your social media accounts to private.
Delete your browser’s cache once in a while to help protect your privacy.
If deleting yourself from the internet isn’t an option, ask Google to erase Google search results about you.
Install a robust antivirus to boost your computer’s defenses and prevent cyberattacks.
For businesses, use an EDR solution (Endpoint Detection and Response).
Using your antivirus suite, encrypt your files.
Invest in a strong VPN like Nord VPN or Express VPN to hide some of your information online.
Enable 3FA or MFA on all your online accounts.
Don’t use the same password on multiple accounts.
Stay away from quizzes and other dubious games online. They may discreetly collect private data.
Store your social security card securely at home, not inside your wallet or purse.
Don’t save your account numbers and passwords in one place.

👍 Helpful Articles:

Learning about PII is crucial to safeguarding your privacy online. To extend that knowledge, here’s a list of helpful articles about Internet privacy:

Wrap Up

PII is more than just any information you can throw around the Internet. It’s a collection of sensitive data that can pinpoint a person’s true identity, their location– their entire life.

With this, PII is a frequent target for cyber criminals who will use it for identity fraud or sell it to someone who will.

Your PII may be as simple as a few strings of numbers, but it can cause life-altering experiences if not guarded closely.

The government may have written several laws to protect it. But in the end, it’s up to you to protect your PII and your privacy.

FAQs.

What are examples of personally identifiable information that should be protected?

Sensitive PII should be protected at all times. Examples are your full name, mother’s maiden name, Social Security Number (SSN), Passport information, fingerprints, personal phone number, and financial or bank information.

What is the difference between personal information and personally identifiable information?

Personal information is broader than PII. A person’s device ID numbers and browser history are part of their personal information. However, only their full name, phone number, and email address are considered PII because they can be used to identify them accurately.

Is a birthday considered PII?

A birthday is personally identifiable information. Specifically, it’s a Sensitive PII that may be able to cause harm to a person if it's lost or disclosed.

Sources.

US Department of Labor

IBM

California Consumer Privacy Act (CCPA)

General Data Protection Regulation (GDPR)

Health Insurance Portability and Protection Act (HIPAA)

The Privacy Act of 1974

The Children's Online Privacy Protection Act (COPPA)

The Gramm-Leach-Bliley Act (GLBA)

The Fair Credit Reporting Act (FCRA)

The Federal Trade Commission Act (FTCA)

UNCTAD