If you’ve seen the acronym PII in the news or in trade magazines, you may have questions. What is it exactly, and what is the danger surrounding it? Today’s tech blog post answers these questions and more.
What Is PII?
PII stands for personally identifiable information. Personally identifiable information (from here on, we’ll just use PII) is information tied to an individual that can be used to identify that specific individual. The term usually comes up in discussions of internet security and identity theft. Most everyone in the developed world has plenty of PII. Name, race, address, age, physical description, and even photographs can be PII. So can social security numbers, credit card numbers, email addresses, usernames, and passwords.
Is PII a Bad Thing?
No, PII isn’t bad. Some of it (like name, age, and physical description) is directly tied to our core identities. Much of it is the currency by which we live our lives. You need usernames and passwords to exist on the web, and you need social security and bank account numbers to exist in the financial marketplace. These elements aren’t bad, but they can be problematic.
Then What’s the Problem with PII?
The problem with PII is that if a bad actor (like an identity thief) accumulates enough of a person’s PII, the bad actor can compromise accounts or even steal the person’s identity. While PII isn’t a bad thing, people must do what they can to rein in access to their PII.
Is All PII Created Equal?
No, it’s not. Some items are more valuable (or sensitive) than others. If all a bad actor has to work with is your full name or a photograph, he or she isn’t going to be able to do much. Similarly, if someone gets ahold of your credit card number by itself, it’s almost useless. Some PII, like social security numbers, are more valuable even on their own.
The real problem is accumulation. Thieves can do a lot of damage if they manage to match up a name with the correct social security number. The more PII they add, the more damage they can do.
How Accumulated PII Facilitates Identity Theft
The fuller an identity a thief can build, the more serious damage the thief can inflict. Knowing your name and address accomplishes little on its own. Add in a bank account or credit card number and the last four digits of your social, and now the thief may be able to sweet-talk a customer service representative into issuing a new card or approving a transfer.
How Thieves Accumulate PII
Some PII (usually from significant data breaches) is available for purchase on the dark web. Some of it gets stolen using social engineering or phishing. In too many cases, a considerable amount of PII is freely displayed on a victim’s social media account. If “Where did you go to high school?” is one of your bank account security questions and the answer is freely displayed on your Facebook profile, you’re setting yourself up for ID theft.
Keep Your PII Safe
Much of keeping control of your PII is common sense. Limit what you share on social media, and don’t give away account numbers or your social security number when it’s not necessary. These small steps will go a long way to protecting your PII.
Does your organization need additional help managing PII? Contact us today!