What Is Personally Identifiable Information (PII)?
Personally identifiable information, or PII, is any data that could potentially be used to identify a particular person. Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address.
We often talk about PII in the context of data breaches and identity theft. If a company or organization suffers a data breach, a significant concern is what PII might be exposed—the personal data of the customers that do business or otherwise interact with the entity. Exposed PII can be sold on the dark web and used to commit identity theft, putting breach victims at risk.
How identity thieves piece together PII
Not all PII is equal in terms of importance or sensitivity. For instance, your Social Security number is yours alone. That makes it critically important to your identity. On the other hand, it’s possible—even likely in some cases—that other people have the same name as you. Consider how many Steve Smiths and Maria Garcias there must be. So, while your name is an important piece of PII, it’s secondary to your Social Security number.
Often, identity thieves piece together a potential victim’s PII. Combine a name with a person’s email address—and the crook is getting somewhere. Add in race and hometown, and the thief is well on their way to identifying a victim. With this information and the Social Security number that goes with it, a thief could have all they need to commit identity theft. That’s why you don’t want to carry your Social Security card in your wallet—with all your secondary PII. Your lost wallet could be an identity thief’s dream come true.
Don’t think this is some minor issue. Identity theft is a big consumer concern. A 2017 FICO survey revealed some surprising attitudes toward identity theft compared with other concerns:
- 44 percent of American consumers say identity theft and banking fraud, combined, is their top concern.
- 22 percent said their own death—or that of a loved one—was their primary worry.
- 18 percent said their top concern was being a victim of a terrorist attack.
With more consumers concerned about identity theft than their mortality, it makes sense to remember the value of PII.
Keeping an eye on your PII
You can’t have identity theft without PII. So it’s important to do everything you can to protect your personally identifiable information.
Here’s a small sample of what you can do:
- Limit what you share on social media. (If it’s the answer to one of your online security questions, your dog’s name is PII!)
- Shred important documents before discarding them.
- Avoid handing over your Social Security number just because someone asks for it. Make sure they need it. Ask how they'll protect it.
- And again, store your Social Security card in a safe place, not in your wallet.
There’s a lot more you can do, but the key point is to think twice about sharing your PII—and even more often about protecting it.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.