What Is Personally Identifiable Information? (And How To Protect Yours)

Personally identifiable information (PII) is information that allows someone to determine your identity either directly or indirectly. PII can include details such as your name, address, or Social Security number (SSN).

Some PII is very sensitive as it could make you vulnerable to identity theft. In some cases, rules are in place to ensure that the third parties that you provide personally identifiable information to protect that information and keep it secure.

This guide will explain what PII is, how you can protect yours, and why you should consider an identity theft protection service.

Examples of PII

Personally identifiable information is defined to include any information that directly or indirectly could be used to identify you.

Examples of PII include:

• Your name
• Your address
• Your telephone number
• Your Social Security number
• An identifying code, such as your healthcare member ID number
• Your email address (if it includes your full name)
• Your place of birth
• Your mother’s maiden name
• Your passport number
• Your medical records

Some information, such as a birth date, could be considered personally identifiable if combined with other information that distinguishes an individual’s identity from others with the same birthday.

PII can be found in a wide variety of places, including:

• Student or personnel records
• Health insurance forms
• Job applications
• Credit card sales records
• Computers
• Phones and tablets
• Passports and driver's licenses
• Social media

Some personally identifiable information is considered "sensitive" because it contains information that could put you at risk of identity theft or a breach of your privacy.

Examples of sensitive PII include:

• SSNs
• Credit card numbers
• Financial account numbers
• Security or access codes
• Passwords
• Medical information
• Health insurance information
• Driver’s license numbers

There are special laws protecting this type of information. For example, in California, if your personally identifiable information is compromised, the party responsible may need to notify you. Other laws, such as the Health Insurance and Portability Act (HIPAA) protect specific types of PII by imposing rules designed to ensure the information is kept private.

Is PII the same as personal data?

The term "personally identifiable information" is widely used in the United States. It’s used in privacy laws and security rules for the collection and storage of an individual's data.

Other countries protect "personal data" rather than just "personally identifiable information." For example, the General Data Protection Regulation (GDPR) applicable in the European Union establishes safeguards for personal data and defines it as "any information" that relates to an identifiable natural person and that can directly or indirectly identify that individual.

Personal data under GDPR laws includes names, addresses, identification numbers, location data, and other factors specific to the physical, mental, economic, cultural, or social identity of an individual. The GDPR's definition of personal data is more specific and broader than the definition of personally identifiable information in the U.S., and PII is considered a subset of personal data under the EU's rules.

What is protected health information (PHI)?

Protected health information is a subset of PII. PHI includes any individually identifiable health data created about a patient by an entity covered by HIPAA.

Examples of PHI include:

• Demographic data
• Medical test results
• Insurance information
• Medical histories
• Any information that could be used to identify a patient, including:
  • Names
  • Phone numbers
  • Social Security numbers
  • Account numbers
  • Certificate or license numbers
  • Biometric identifiers
  • Any other unique identifying characteristics or codes
• Any information that could be used to provide healthcare services

HIPAA's privacy rules apply to health plans, healthcare providers, and business associates of these entities. Anyone subject to HIPAA's privacy rules must follow strict protocols for securing information, including safeguarding documents, limiting access to files, and not releasing information to anyone but the patient except in limited circumstances, such as when there is an immediate risk of harm.

What is PII used for?

Personally identifiable information can be used in many different circumstances.

For example, companies or government agencies may collect personally identifiable information:

• When job applications are submitted
• As part of customer surveys
• As part of user experience research
• When email messages are submitted
• When you submit an application for a loan or a credit card
• When you shop online
• When you create a social media account
• When you take online quizzes
• When you download or use an app on your phone

Your information may be used for a number of reasons, from facilitating the sale of products or services to providing you with health care to tailoring ads online.

How is PII used in identity theft?

If your personally identifying information falls into the wrong hands due to a data breach, you could become the victim of identity theft.

Hackers use cyberattacks and other measures to gain access to the databases of companies that have collected your PII legitimately. Phishing emails could be used to get you to provide your personally identifying information.

Or dishonest actors could obtain your personally identifying information from social media, especially if you do not make your profiles private and you share a lot of details online about your life and family.

Once someone with bad intentions improperly obtains your PII, it could be used to take out debt, obtain medical services, take money out of your bank account, or even assume your identity.

How can you keep your PII safe?

If you want to keep your PII safe, there are a few key steps that you should take to make sure your sensitive information doesn't fall into the wrong hands.

Use multi-factor authentication

Multi-factor identification, or two-factor identification, helps to improve your data privacy. With multi-factor identification, a username and password aren't enough to log into accounts. After a username and password are entered, the website will then send a security code to an email address, authentication app, or mobile device. You must enter the code to gain access.

Use a password manager

Having strong passwords lowers the chances of thieves guessing your login details and gaining access to your accounts. The strongest passwords are usually strings of random numbers and letters rather than words or number patterns that are easy to remember — and easy to guess.

A password manager allows you to create long passwords with random characters while storing those secure passwords so you don't have to remember them. Using a password manager makes it easier to create secure passwords and makes it easy to follow the best practice of creating a unique password for every website you use.

Use a VPN on public Wi-Fi

When using public Wi-Fi, it can be easier for hackers to access your information since the website may not be secure. A VPN, or virtual private network, can be used to help secure your details, as VPN apps can encrypt your data.

Install identity theft protection software

There are software programs available that help you to prevent identity theft. This could include services that provide notifications of suspicious activity and monitor your accounts for unusual activity. There are also browser add-ons or plug-ins that force your browser to use encryption even on websites that don't offer it. Here are three of the top identity theft services:

• Aura: Offers identity theft protection and a VPN that offers digital privacy. Aura is a good option for families with its parental controls that help prevent against child identity theft. 

• Norton LifeLock: Comes with extensive identity theft protection features such as credit monitoring and reports, as well as up to $3 million in identity insurance. 

• Identity Guard: An identity theft protection service that uses AI and machine learning for credit monitoring and theft alerts. It also scans the dark web for your personal information.

Limit what you share online

To stay safe online, you'll want to be careful about what you share publicly. You should avoid posting ID cards or other sensitive data on social media. You'll also want to be careful about answering online quizzes or surveys, and make sure you don't overshare personal details that scammers could use to create fake accounts in your name.

FAQs

Bottom line

Your personally identifiable information is likely shared with many companies both in person and online. But that doesn't mean you can't or shouldn't take cybersecurity steps to ensure your data doesn't fall into the wrong hands and put you at risk of identity theft.

Follow the recommended steps and get an identity protection service to safeguard your personal details and lower the chances of scammers gaining access to your financial information and other data and creating a lot of headaches for you to resolve.