What is Personally Identifiable Information?

Personally Identifiable Information, as the name suggests, is the information which can identify a person, whether used solely or with other related information. It may consist of direct identifiers, such as passport data, which can uniquely identify an individual. It may also contain quasi-identifiers, such as race, date of birth, location, etc., used to recognize a person successfully.

How Does Personally Identifiable Information Work?

With the emergence of new technologies, the way of operating businesses has changed. The government makes legislation affecting digital instruments, e.g. mobiles, internet, social media and e-commerce. The amount of personal data of all kinds has exploded. Businesses gather, analyze and process big data and share with other firms. Companies use this information to better understand how to interact with customers effectively. However, due to big data, the number of data breaches has also gone up. Businesses are increasingly targeted with cyber attacks. Consumers are increasingly concerned with data security, and regulatory bodies strive to make new laws for the data protection of consumers. PII (Personally Identifiable Information) may contain sensitive information and nonsensitive, too. What is meant by sensitive information is the stats, for example, complete name, SSN (Social Security Number), mailing address, driving license bank details or credit card information, passport information and financial data. Still, there is much more that comes under the head of PII. Generally, businesses share their clients' information using anonymization methods for encrypting and making it obscure. So, others get it in the form of Non Personally Identifiable Information. An insurance co. provides its clients' data to a marketing co. masks the sensitive Personally Identifiable Information and only convey information relevant to the required goal of the marketing co. Then, there is non-sensitive PII or indirect Personally Identifiable Information. There are many sources that can allow access to this type of information easily, for example, the internet, corporate directories and phone books. Race, Zip code, date of birth and gender, all these are quasi-identifiers. So, non-sensitive information can be shared with people. We cannot use this information alone to estimate the identity of a person. Non-sensitive data is not delicate, but still, it is linkable. In simple words, linkable non-sensitive information is the information that can disclose the identity of a person, if used with other personal linkable data. Re-identification and de-anonymization methods are likely to be successful if we piece various quasi-identifiers sets together. We can use it to distinguish an individual from the other. 

Safeguarding Personally Identifiable Information? 

Several countries have adopted data protection laws so that they can provide guidelines to the companies how to collect, save and share clients personal data. Some of the fundamental laws say that some sensitive data is not necessary to be collected unless in extreme cases. Companies should delete data if it is no longer required for the stated purpose. Likewise, they should not share personal data with the sources which do not ensure its protection. Cybercriminals breach Information systems so that they can get access to the PII (Personally Identifiable Information). Then, they sell this information in the underlying digital markets to the buyers who are willing to pay for it. For instance, the Internal Revenue Service (IRS) has to suffer an information breach in 2015, which led to the theft of Personally Identifiable Information (PII) of nearly 100000 taxpayers. With the help of quasi-information that was stolen from many sources, the perpetrators succeeded in accessing the web app of IRS. They simply answered questions related to personal verification of the taxpayers only and accessed the app. 

Personally Identifying Information Around the World 

PII definition varies from country to country. In the US, the government presented the definition of Personally Identifiable Information (PII) in 2007 as anything that someone can trace or distinguish the identity of an individual, e.g. name, Social Security Number, biometric information, either solely or with the other identifiers, e.g. birthplace, date of birth, etc. In the European Union, quasi-identifiers are also included as a part of the definition. These information sets depend on the GDPR (General Data Protection Regulation) with effect from May 2018. 

Related Topics

• Consumer Protection Law (Intro)
• What is consumer protection law?
• Cooling Off Rule
• What major federal laws protect consumers?
• What is the Federal Trade Commission
• Enforcement procedures of the FTC?
• Penalties for violating FTC regulations?
• Commercial Practices Prohibited by FTC?
• Unfair Trade Practices 
  
• Predatory Pricing
• Bait & Switch
• Lemon Laws
• Consumer Financial Protection Bureau
• What is the Fair Credit Reporting Act?
• Users of Information?
• Credit Reporting Agency Consumers
• Reporting Agencies?
• Consumer Reporting Agency
• Furnishers of Information?
• Enforcement?
• Truth in Lending Act
• Fair Debt Collection Practices Act
• Fair Credit Billing Act
• Electronic Funds Transfer Act
• Electronic Funds Transfers (EFT)
• Equal Credit Opportunity Act
• Regulation B
• Consumer Credit Protection Act
• Consumer Advisory Council
• Consumer Financial Protection Act
  
• Consumer Product Safety Act
• Consumer Product Labeling Laws
• Credit Repair Organization Act
• Federal Food, Drug, and Cosmetic Act
• Magnuson-Moss Warranty Act
• Privacy Act of 1974 (Privacy Act)
• Personally Identifiable Information
• Right to Financial Privacy Act of 1978 (RFPA)
• Electronic Communication Privacy Act of 1986 (ECPA)
• Childrens Online Privacy Protection Act of 1986 (COPPA)
• Privacy Policy
• CAN SPAM Act
• What role do states play in Consumer Protection?