In the era of constant digital connectivity, our identities are more publicly available than ever before. With 3 million identity theft and fraud reports in 2018, you have to be ready to protect your data and your employees' data.
First, though, you have to know what you're trying to protect.
This is when it helps to understand personally identifiable information (PII). Here are a few personally identifiable information examples, along with examples of what PII is not and how thieves use your data.
What Is Personally Identifiable Information?
Personally identifiable information, or PII, is information that can be used to identify you. Some of this information can be useful on its own, while some information requires other information to be a complete identifier.
Some documentation, like passports, identify you directly. These are pieces of information that are unique to you and can be used on their own as a means of identification.
Other pieces of information are quasi-identifiers, such as race or ethnicity. It is a useful identifier, but it's only helpful when used in combination with other quasi-identifiers to pinpoint you.
For example, saying that you're a white woman isn't enough to let someone identify you specifically. However, if we say that you're a white woman born on this specific date, that helps narrow the field. Quasi-identifiers need other quasi-identifiers to eliminate other people who might meet the same criteria.
Personally Identifiable Information Examples
In general, PII is divided into two specific types of information:
Linked information is information that's linked uniquely to you, while linkable information can be linked to you when combined with other links in a chain leading back to you.
Since linked information (or direct identifiers) is linked uniquely to you, linked information can be used to identify you without the need for additional identifying information.
Examples of linked information include:
Your full name
Your Social Security number
Your passport number
Your driver's license number
Your date of birth
Your home address
Your telephone number
Because linked information contains identifiers unique to you, it's more sensitive than linkable information. Some linked information, like your Social Security number, is more sensitive than others, like your full name or birthday.
You tell people your birthday all the time. But your Social Security number is only shared in specific cases to ensure that other people can't use it.
Linkable information is information that can actually be used to identify you, but it isn't sufficient to identify you without further information.
Your job position and employer are examples of linkable information. It helps narrow the field to only your workplace and those with your job title, but it isn't enough to distinguish which one of those people is you.
Your gender and race are also good examples of linkable information, as is your non-specific age (30-40, rather than 32).
For some people, their name may actually be linkable information, if they have an extremely common name. There are 5.1 million men named John in the United States, but there are far fewer men named Roald or Bertram.
Keep in mind that this also depends on where you live--a common name in Poland or Thailand won't be common in the United States.
What Is Non-PII?
Now that you know what PII is, let's talk about what PII is not.
Put simply, non-PII data is information that is simply anonymous. It cannot be used to trace your identity on its own. Some non-PII can't be used to identify you at all, even if it's combined with other information.
For example, your browsing history or device ID are both non-PII. In theory, one might be able to say that a person using devices you own was logically you, but browsing history doesn't provide any clear indicators for one person's identity over another.
PII vs. Personal Data
However, it's important to understand the difference between personal data and personally identifiable information.
One easy difference is American versus European. The US government uses the term, "personally identifiable information," while European officials tend to use the term, "personal data".
On a deeper level, it's a bit more complicated.
The General Data Protection Regulation (GDPR), the new EU data privacy law, defines personal data as any information which can be used to identify a person, directly or indirectly.
This includes location data and online identifiers as well as other factors indicating the physical, physiological, genetic, economic or cultural identity of a person.
To be clear: under the GDPR, even cookies are viewed as personal data. United States privacy laws generally don't view cookies and similar data as PII, even though they can be used to identify you.
How Thieves Put PII Together
In order to steal your identity, a thief has to piece together enough linked and linkable information about you.
For many thieves, the first step is identifying linkable information. Your name isn't enough to identify you, but with a name and an email address, they can make progress. Add in other secondary information, like your driver's license or your hometown, and a thief has a solid toolkit for identity theft.
If they can acquire primary identifiers, like your Social Security number, they have everything they need for flawless identity theft.
This is why it's vital to protect your PII, including any seemingly useless secondary PII that might be used to find your identity. For example, if your cat's name is the answer to one of your online security questions, then your cat's name counts as valuable PII.
Protecting Your PII
Of course, knowing personally identifiable information examples isn't enough. You have to keep that information from entering the wrong hands in the first place.
That's where we come in.
We're built on a zero-knowledge framework, which means that no one, including us, can see your data. Want to find out how it works? Click here to schedule a demo.
Make Your Data Completely Useless to Hackers!
Schedule a 1:1 consultation with Claude, Nullafi's VP of Partnerships
Subscribe for the latest updates on protecting PII!