Skip to main content

Defining PII

PII, or personally identifiable information, is any data that can be used to identify an individual. This includes information such as a person’s name, address, date of birth, Social Security number, driver’s license number, or any other unique identifier that can be used to distinguish one person from another. PII is considered sensitive information and must be protected and handled with care.

How PII is used

PII is used for a variety of purposes, such as:

  • Identity verification: PII is often used to verify an individual’s identity, such as when opening a bank account or applying for a loan.
  • Customer service: PII is used to provide personalized customer service, such as when an individual calls a company’s customer service line.
  • Marketing: PII can be used to target specific demographics with marketing campaigns or to conduct surveys to gather information on customer preferences.
  • Fraud detection: PII can be used to detect and prevent fraud, such as when a financial institution uses PII to flag suspicious account activity.
  • Research: PII can be used to conduct research on individuals or specific demographics.

It’s important to note that organizations must obtain consent from individuals before using their PII for these purposes, and must comply with laws and regulations that govern the collection and use of PII.

How PII is collected

There are many ways that PII can be collected, including through online forms, surveys, applications, and transactions. It can also be gathered through offline methods, such as in-person interviews or through the mail. Once collected, PII is often stored in databases, either on-premises or in the cloud, where it can be accessed and used for various purposes.

Importance of Protecting PII

The importance of protecting PII cannot be overstated. Not only is it a legal requirement for many organizations to safeguard this information, but failure to do so can result in significant consequences. For example, a data breach involving PII can lead to identity theft and financial loss for affected individuals. It can also result in reputational damage for the organization responsible for the breach.

 

Get ShareSimple FREE for one user today!

Protecting PII

To protect PII, organizations must implement robust security measures. These may include encryption, firewalls, intrusion detection systems, and regular security audits. Organizations must also have policies and procedures in place for handling PII, such as guidelines for access control, data retention, and data destruction.

Compliance with Laws and Regulations

In addition, organizations must also comply with a variety of laws and regulations that govern the handling of PII. For example, the General Data Protection Regulation (GDPR) in the European Union, the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada all have specific requirements for protecting PII.

 

Using Data Discovery for PII

For organizations that handle PII, it’s essential to have a data discovery tool that can scan and identify PII across the enterprise, and to have a data governance solution that can help them to manage and protect PII in compliance with the regulations, and to minimize the risk of data breaches.

 

Your way forward

Overall, PII is critical information that must be protected at all times. Organizations that handle PII must implement robust security measures and comply with relevant laws and regulations. Additionally, they should invest in data discovery and data governance tools to help them identify, manage and protect PII in a more effective way.

Sebastian Allerelli

Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →