An explanation of personally identifiable information
In this video, TechTarget assistant editor Tommy Everson talks about personally identifiable information, the difference between sensitive and nonsensitive PII, and why it is important to keep PII secure.
PII: It's what makes you, you.
Personally identifiable information, or PII, exists in everyone, everywhere. It's any information that can be used to identify a specific individual. And while PII enables you to get a job, travel or even unlock your phone, it can also be stolen, used maliciously and cause harm to an individual or business.
Here, we'll go over the basics of PII and why it needs to be secured.
Definitions of PII vary by jurisdiction and agency, but the term generally refers to information that can either directly or indirectly identify individuals.
Direct identifiers can identify individuals on their own. They include:
- Your address.
- Biometrics, like fingerprints or face scans.
- Credit card or debit card numbers.
- Driver's license number.
- Email address.
- Name.
- Social Security number.
- Phone number.
Quasi-identifiers can identify individuals when linked to other information, such as:
- Your age.
- Birthday.
- Gender.
- Geographic location.
- Passport number.
- Race.
On top of that, PII can also be either sensitive or nonsensitive. Nonsensitive PII is usually publicly available, like in corporate directories or phone books. Sensitive PII, on the other hand, could result in harm if leaked, like in a data breach. Organizations are required -- either legally, contractually or ethically -- to encrypt sensitive PII when in transit or at rest.
So, how do cybercriminals get this data in the first place?
Attackers can sometimes steal PII by gaining access to a system through misconfigured servers, unsecured devices, password cracking or physical access. But, more commonly, they play their victim. Through social engineering tactics, like phishing, attackers can manipulate someone into revealing their sensitive information.
For example, a fake website might ask a user for PII for "authentication" purposes, then take that PII and use it to access the employee's or organization's systems.
You can protect your own PII by:
- Limiting what you share on social media.
- Keeping Social Security cards and other identification in a safe place.
- Practicing good password hygiene.
- Being wary of anyone asking for sensitive information -- especially via email or text.
But the onus isn't just on the individual. Businesses are responsible for securing sensitive PII and should follow basic PII protection practices, such as:
- Updating software and apps regularly.
- Backing up data regularly.
- Destroying old media with sensitive data.
- Using VPNs and secure networks, not public Wi-Fi.
- Encrypting PII-related data.
- Creating incident response plans.
- Continuously assessing security postures.
As the amount of data in the world continues to balloon, new laws and regulations are emerging to protect consumer data across the board, such as GDPR, CCPA and several other pieces of U.S. state- and city-level legislation.
How confident are you in your personal security posture? What about your organization's?
Sabrina Polin is a managing editor of video content for the Learning Content team. She plans and develops video content for TechTarget's editorial YouTube channel, Eye on Tech. Previously, Sabrina was a reporter for the Products Content team.