Defining PII

PII, or personally identifiable information, is any data that can be used to identify an individual. This includes information such as a person’s name, address, date of birth, Social Security number, driver’s license number, or any other unique identifier that can be used to distinguish one person from another. PII is considered sensitive information and must be protected and handled with care.

How PII is used

PII is used for a variety of purposes, such as:

  • Identity verification: personally identifiable information is often used to verify an individual’s identity, such as when opening a bank account or applying for a loan.
  • Customer service: personally identifiable information is used to provide personalized customer service, such as when an individual calls a company’s customer service line.
  • Marketing: personally identifiable information can be used to target specific demographics with marketing campaigns or to conduct surveys to gather information on customer preferences.
  • Fraud detection: personally identifiable information can be used to detect and prevent fraud, such as when a financial institution uses PII to flag suspicious account activity.
  • Research: personally identifiable information can be used to conduct research on individuals or specific demographics.

It’s important to note that organizations must obtain consent from individuals before using their personally identifiable information for these purposes, and must comply with laws and regulations that govern the collection and use of personally identifiable information.

How PII is collected

There are many ways that PII can be collected, including through online forms, surveys, applications, and transactions. It can also be gathered through offline methods, such as in-person interviews or through the mail. Once collected, personally identifiable information is often stored in databases, either on-premises or in the cloud, where it can be accessed and used for various purposes.

Importance of Protecting PII

The importance of protecting personally identifiable information cannot be overstated. Not only is it a legal requirement for many organizations to safeguard this information, but failure to do so can result in significant consequences. For example, a data breach involving PII can lead to identity theft and financial loss for affected individuals. It can also result in reputational damage for the organization responsible for the breach.

How to protect personally identifiable information

To protect PII, organizations must implement robust security measures. These may include encryption, firewalls, intrusion detection systems, and regular security audits. Organizations must also have policies and procedures in place for handling personally identifiable information, such as guidelines for access control, data retention, and data destruction.

PII and Compliance with Laws and Regulations

Organizations must also comply with a variety of laws and regulations that govern the handling of PII. For example, the General Data Protection Regulation (GDPR) in the European Union, the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada all have specific requirements for protecting personally identifiable information.

Using Data Discovery for personally identifiable information

Organizations that handle PII need a data discovery tool that can scan for and identify personally identifiable information across the enterprise, and a data governance solution that helps them manage and protect PII in compliance with regulations and minimize the risk of data breaches.

A smarter way of processing personally identifiable information

Overall, PII is critical information that must be protected at all times. Organizations that handle personally identifiable information must implement robust security measures and comply with relevant laws and regulations. Additionally, they should invest in data discovery and data governance tools to help them identify, manage and protect PII more effectively.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist