What is PII?
No, not pi, 3.14159, and not pie as in apple pie (yum), but PII, PEA-EYE-EYE.
PII stands for Personally Identifiable Information. PII is any information or combination of information that can be used to identify an individual. You might be thinking, ‘Oh like, fingerprints or DNA?’ Well, yeah, those are unique to individuals and they are PII, but the PII that is really useful and easy to obtain is generally mundane or trivial. Information such as your full name, your mother’s maiden name, your hometown, or your address; those are all examples of PII.
So how is PII used to identify a person? As an example, let’s say we have this guy ‘Bob.’ His first name alone isn’t good PII. First names alone and common names like John Smith are not very valuable as PII. But say we know that his full name is actually Robert Heironymus Fravel (sorry bro). That makes this PII extremely valuable because it is very uncommon. Throw in some other mundane PII like home address and social security number or national ID number and Bob’s identity has been stolen and used to rack up huge debt! Protecting PII is a key component of any organization’s information and security efforts, and imperative to preventing identity theft.
What are the different types of PII?
You know what? I LOVE lists! So let me give you some. The following information is considered PII and should be protected whether it is your info or a client’s info. Note that this is not a comprehensive list.
- Full names
- Email addresses (especially private ones from associations, clubs, etc.)
- National identification numbers & social security numbers
- IP addresses
- Vehicle registration plate numbers
- Driver’s license numbers
- Credit card numbers
- Digital identities
- Date of birth
- Genetic information
What isn’t considered PII?
Of course there are lots of different types of information and some information you can’t control. Did you know that some information is automatically in the public domain? That information includes:
- Real-estate ownership
- Birth and death certificates
- Marriage licenses and divorce papers
- Criminal records and other court documents
- User IDs
- Common first or last names
- Country, state, or city of residence
- Gender or race
- Name of school or workplace
Now, if you are looking at those two lists you might be thinking, ‘Oh, that seems contradictory.’ You are right. Criminals will use this information as a starting point to gain access to the rest of your information. So that is why you must always remain vigilant at work and home.
What can you do to protect PII at work and at home?
You need to protect PII on two fronts: at work and at home. When you are at work, always follow company policy. If you think your company’s policy regarding PII is a little (or a lot) lax, let someone higher up know so that the issue can be addressed.
- Do you handle PII of any kind?
- Do you know what kinds of PII you handle?
- Do you know who else has permission to access the PII?
- Do you know the rules about how to transmit the PII outside of the company?
- Do you know how to recognize a social engineering attack when someone is trying to extract PII from you?
- Do you know which industry or other specific regulatory guidelines you need to follow?
- Do you know how to report any real or potential PII breaches?
If you are unsure about any of the above questions, ASK!
- Does the office supply store really need my date of birth and social security number?
- Does the dentist need to know my banking details?
- Does this mobile game really need to have access to my location and address book?
- Does this restaurant have a real need for my physical and email addresses?
The answer is NO to all of the above. Protecting your own PII should be simple—just don’t give it out.
Just follow my philosophy: Don’t share pie or PII.