Personally identifiable information (PII)
Personally identifiable information (PII) refers to any data that can be used to identify a specific individual. This can include basic details such as age, race, sex, and physical characteristics, as well as more sensitive information like Social Security numbers, birth dates, and banking details. In today's digital landscape, PII encompasses information from electronic transactions, including online banking and purchases, heightening concerns about privacy and security. Unauthorized access to PII can lead to identity theft and financial fraud, with hackers often exploiting this information for malicious purposes. High-profile cases of data breaches and government surveillance have sparked public outcry and discussions about the need for stricter privacy regulations. As online interactions increase, the demand for robust protections against threats like phishing scams and malware is also growing. The ongoing dialogue around PII highlights its critical role in personal privacy and the need for individuals and organizations to safeguard sensitive information in an increasingly interconnected world.
On this Page
Subject Terms
Personally identifiable information (PII)
Any information that can be used to identify an individual person is classified as personally identifiable information, or PII. The data involved can be as simple as age, race, sex, and height along with other observable features that would apply to a specific person. For example, the phrase “a 34-year-old African-American woman who was about 5 feet 4 inches tall” includes four distinct pies of information that could be used to identify that person by sight. Place and date of birth and mother’s maiden name are additional pieces that are frequently used to verify identity. The idea behind using multiple pieces for verification is that most people won’t be a match for all of those at the same time.
Overview
PII can include many elements. Specific data from birth certificates, Social Security numbers, employer identification numbers, employee data, IP addresses, and immigration and naturalization numbers are all included. In the twenty-first century, each person’s electronic transactions, such as banking and online purchases, can also be considered a part of PII.
Of course, with so many kinds of PII associated with each person, there have been an increasing number of concerns about privacy. Many people have seen humorous messages left on friends’ social networking pages as though written by the friends, when in fact they were written by relatives with access to the same social networking accounts. That is a lighter example of what can be done when unauthorized persons have access to someone else’s PII and are able to masquerade as them.
A more serious example is when a hacker gets enough of someone else’s PII to get into that person’s bank account and transfer out funds or use their credit card numbers for purchases they did not authorize. News headlines confirm that such instances of hacking happen often, which has led to companies and governments working for stricter privacy controls and laws.
Of course, the laws do not prevent the government from obtaining PII without cause or warrants, per the case of the National Security Agency (NSA) collecting e-mails and phone records. That case made worldwide news and spurred many groups to publicize their objections to the practice. At the same time, the companies hacked into by the NSA worried about losing customers over it and promised stronger PII protections.
Online consumers also seek to protect their private data from phishing scams. Phishing is a process of collecting people’s personal data without full disclosure. This is often done by an illegitimate website posing as a legitimate one, getting people to enter their PII without suspecting anything.
Correspondingly, software companies have produced programs to specifically combat identity theft. The designers of these programs research how phishing scams work and block or warn against them. They also address invasive programs, called malware, which can copy a person’s sensitive data from his or her computer.
The need to protect PII will only grow. With health-care records often available to medical providers via Internet connections, there is concern that people’s health-care data could be compromised. These and other issues will keep PII at the forefront of privacy battles for years to come.
Bibliography
Goldfarb, Avi, and Catherine E. Tucker. “Privacy Regulation and Online Advertising.” Management Science 57.1 (2011): 57–71. Print.
Green, Stuart P. Thirteen Ways to Steal a Bicycle: Theft Law in the Information Age. Cambridge: Harvard UP, 2012. Print.
Ioannides, Yannis M. From Neighborhoods to Nations: The Economics of Social Interactions. Princeton: Princeton UP, 2012. Print.
Kleinig, John, et al. Security and Privacy: Global Standards for Ethical Identity Management in Contemporary Liberal Democratic States. Canberra: ANU, 2011. Print.
Palfrey, John, and Jonathan Zittrain. “Better Data for a Better Internet.” Science 334.6060 (2011): 1210–11. Print.
Reveron, Derek S., ed. Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World. Washington: Georgetown UP, 2012. Print.
Vaidhyanathan, Siva. The Googlization of Everything (And Why We Should Worry). Berkeley: U of California P, 2012. Print.