What is 'Personally Identifiable Information (PII)'

Personally Identifiable Information (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g. passport information) that can identify a person uniquely, or quasi-identifiers (e.g. race) that can be combined with other quasi-identifiers (e.g. date of birth) to successfully recognize an individual.

BREAKING DOWN 'Personally Identifiable Information (PII)'

Nascent technology platforms have changed the way businesses operate, governments legislate and individuals relate. With digital tools like cell phones, the internet, e-commerce, and social media, there has been an explosion in the supply of data of all kinds. Big Data, as it is called, is being collected, analyzed, and processed by businesses and shared with other companies. The wealth of information provided by Big Data has enabled companies to gain insight into how to better interact with customers. However, the emergence of Big Data has also increased the number of data breaches and cyberattacks by entities who realize the value of this information. This has raised concerns over how companies handle the sensitive information of their consumers. Regulatory bodies are seeking new laws to protect the data of consumers, while users are looking for more anonymous ways to stay digital.

Sensitive vs. Non-Sensitive PII

Personally identifiable information (PII) can be sensitive or non-sensitive. Sensitive personal information includes stats like full name, Social Security Number (SSN), driver’s license, mailing address, credit card information, passport information and financial information. This is ,by no means, an exhaustive list of what comprises PII. Companies that share data about their clients normally use anonymization techniques to encrypt and obfuscate the PII so it is received in a non-personally identifiable form. An insurance company that shares its clients’ information with a marketing company will mask the sensitive PII included in the data and leave only information related to the marketing company’s goal.

Non-sensitive or indirect PII is easily accessible from sources like phonebooks, the internet and corporate directories. Zip code, race, gender, date of birth are all quasi-identifiers and examples of non-sensitive information that can be released to the public. This type of information cannot be used alone to determine an individual’s identity. Non-sensitive information, although not delicate, is linkable. This means that non-sensitive data, when used with other personal linkable information, can reveal the identity of an individual. De-anonymization and re-identification techniques tend to be successful when multiple sets of quasi-identifiers are pieced together and can be used to distinguish one person from another.

Safeguarding PII

Several data protection laws have been adopted by several countries in order to create guidelines for companies that gather, store, and share personal information of clients. Some of the basic principles outlined by these laws state that some sensitive information need not be collected unless for extreme situations; data should be deleted if no longer needed for stated purpose; and personal information should not be shared with sources that cannot guarantee its protection.

Cybercriminals breach data systems to access PII which is then sold to willing buyers in underground digital marketplaces. For example, in 2015 the IRS suffered a data breach leading to the theft of more than a hundred thousand taxpayers’ PII. Using quasi-information stolen from multiple sources, the perpetrators were able to access an IRS website application by answering personal verification questions that should have been privy to the taxpayers only.

PII Around the World

The definition of what comprises PII differs depending on which part of the world you're in. In the United States, the government defined "personally identifiable" in 2007 as anything that can "be used to distinguish or trace an individual's identity" such as name, SSN, biometrics information — either alone or with other identifiers such as date of birth, or place of birth. 

In the EU, the definition expands to include quasi-identifiers. These data sets will become subject to the General Data Protection Regulation (GDPR) that comes into effect in May 2018. 

RELATED TERMS
  1. Data Breach

    A data breach is an unauthorized access and retrieval of sensitive ...
  2. Data Anonymization

    A data privacy technique that seeks to protect private or sensitive ...
  3. De-Anonymization

    De-anonymization is a reverse data mining technique that re-identifies ...
  4. Customer Information File (CIF)

    A computerized file that stores all pertinent information about ...
  5. Identity Theft

    The crime of obtaining the personal or financial information ...
  6. Material Insider Information

    Material information, about certain aspects of a company, that ...
Related Articles
  1. Personal Finance

    Identity Theft: How to Avoid it

    Don't be a victim of this disturbing crime. Get insight into how perpetrators commit this form of fraud.
  2. Tech

    Whose Fault Is Identity Theft?

    You've been so careful, so how did they get your information? Who is really to blame for your identity being stolen?
  3. Insights

    5 Overlooked Places Where Your Identity Can Be Stolen

    Identity theft affects many Americans, and are often caught off guard. These are 5 places thieves target.
  4. Tech

    5 Ways to Avoid Identity Fraud

    Identity theft was the number one consumer complaint in 2014. Here are some ways you can protect yourself.
  5. Personal Finance

    Financial Data Analyst: Job Description & Average Salary

    Learn about the average salary for a financial data analyst position and the skills, education and experience employers require of candidates.
  6. Tech

    3 Steps to Protect Yourself After a Security Breach

    Three steps you can take to protect yourself from an online security breach.
  7. Investing

    Accounting Basics

    What is accounting? Learn the basics of this essential way of recording and summarizing financial information.
  8. Managing Wealth

    Data Integrity Analyst: Job Description & Average Salary

    Learn about the average salary of a data integrity analyst and the required skills, education and previous experience needed to fill this role.
  9. Personal Finance

    The New Ways Thieves Are Stealing Your Identity

    How are thieves now using new technology, like social media and old mobile phones, to steal identities?
  10. Tech

    Cybersecurity: Protect Yourself This Tax Season

    Take a little extra time to review online communications and avoid becoming a cybercrime victim.
RELATED FAQS
  1. Why Do Brokers Ask for Personal Information?

    There are 3 reasons a broker needs personal information: suitability, record-keeping and the law. Read Answer >>
  2. How is the ability to perform Activities of Daily Living (ADL) measured?

    Find out how to apply sensitivity analysis to your investment decisions, why sensitivity analysis might be useful and what ... Read Answer >>
  3. How do financial market exhibit asymmetric information?

    Understand how financial markets exhibit asymmetric information. Learn how asymmetric information by any party can result ... Read Answer >>
  4. When should I use seasonally adjusted data from the consumer price index (CPI)?

    Learn what seasonally adjusted data is, how it is determined and when it should be used to evaluate the information gathered ... Read Answer >>
Hot Definitions
  1. Initial Public Offering - IPO

    The first sale of stock by a private company to the public. IPOs are often issued by companies seeking the capital to expand ...
  2. Cost of Goods Sold - COGS

    Cost of goods sold (COGS) is the direct costs attributable to the production of the goods sold in a company.
  3. Profit and Loss Statement (P&L)

    A financial statement that summarizes the revenues, costs and expenses incurred during a specified period of time, usually ...
  4. Monte Carlo Simulation

    Monte Carlo simulations are used to model the probability of different outcomes in a process that cannot easily be predicted ...
  5. Price Elasticity of Demand

    Price elasticity of demand is a measure of the change in the quantity demanded or purchased of a product in relation to its ...
  6. Sharpe Ratio

    The Sharpe ratio is the average return earned in excess of the risk-free rate per unit of volatility or total risk.
Trading Center