Defining PII
PII, or personally identifiable information, is any data that can be used to identify an individual. This includes information such as a person’s name, address, date of birth, Social Security number, driver’s license number, or any other unique identifier that can be used to distinguish one person from another. PII is considered sensitive information and must be protected and handled with care.
How PII is used
PII is used for a variety of purposes, such as:
- Identity verification: personally identifiable information is often used to verify an individual’s identity, such as when opening a bank account or applying for a loan.
- Customer service: personally identifiable information is used to provide personalised customer service, such as when an individual calls a company’s customer service line.
- Marketing: personally identifiable information can be used to target specific demographics with marketing campaigns or to conduct surveys to gather information on customer preferences.
- Fraud detection: personally identifiable information can be used to detect and prevent fraud, such as when a financial institution uses PII to flag suspicious account activity.
- Research: personally identifiable information can be used to conduct research on individuals or specific demographics.
It’s important to note that organisations must obtain consent from individuals before using their personally identifiable information for these purposes, and must comply with laws and regulations that govern the collection and use of personally identifiable information.
How PII is collected
There are many ways that PII can be collected, including through online forms, surveys, applications, and transactions. It can also be gathered through offline methods, such as in-person interviews or through the mail. Once collected, personally identifiable information is often stored in databases, either on-premises or in the cloud, where it can be accessed and used for various purposes.
Importance of Protecting PII
The importance of protecting personally identifiable information cannot be overstated. Not only is it a legal requirement for many organisations to safeguard this information, but failure to do so can result in significant consequences. For example, a data breach involving PII can lead to identity theft and financial loss for affected individuals. It can also result in reputational damage for the organisation responsible for the breach.
How to protect personally identifiable information
To protect PII, organisations must implement robust security measures. These may include encryption, firewalls, intrusion detection systems, and regular security audits. Organisations must also have policies and procedures in place for handling personally identifiable information, such as guidelines for access control, data retention, and data destruction.
PII and Compliance with Laws and Regulations
Organisations must also comply with a variety of laws and regulations that govern the handling of PII. For example, the General Data Protection Regulation (GDPR) in the European Union, the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada all have specific requirements for protecting personally identifiable information.
Using Data Discovery for personally identifiable information
For organisations that handle PII, it is essential to have a data discovery tool that can scan for and identify personally identifiable information across the enterprise. It is equally essential to have a data governance solution that helps them manage and protect PII in compliance with the regulations and minimise the risk of data breaches.
A smarter way of processing personally identifiable information
Overall, PII is critical information that must be protected at all times. Organisations that handle personally identifiable information must implement robust security measures and comply with relevant laws and regulations. Additionally, they should invest in a Data Discovery tool to help them identify, manage and protect PII more effectively.

Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist