Personally Identifiable Information (PII) is any data that can be used to identify a person, either on its own or in conjunction with another piece of data. This is anything like obvious identifiers like full names, Social Security numbers, driver’s licenses, birth dates, ZIP codes, or phone numbers. While all PII is sensitive, pieces of information like health data or biometrics can pose a serious risk of being used in a fraud or identity theft attack if exposed.
Why Protecting PII is important
Most organizations today collect and handle vast amounts of PII. From your user profile on Instagram, to your health records at your doctor’s office - both require protection, and failing to protect this information can have serious consequences for a business.
Legality and Compliance Issues
Around the world exists data privacy laws that mandate the protection of your personal information. In the EU, theGeneral Data Protection Regulation (GDPR) defines personal data as “any information relating to an identified or identifiable natural person” and forces strict compliances for all organizations that come with hefty penalties. For example, Amazon was fined $888 million in 2021 for data privacy violations under GDPR after failing to secure their user’s data.
In the U.S., regulation is less comprehensive. States like California enacted the Consumer Privacy Act (CCPA), which grants consumers rights over their personal information and puts the obligation onto businesses to secure that data.
Security Risks and Identity Theft
PII is a prime target for cybercriminals, and is why companies need to take care when dealing with your personal data. Hackers who steal PII may be able to entirely impersonate individuals, take over financial accounts, or commit tax fraud. Stolen data is also widely sold on the dark web and underground markets, fetching a high price for whoever can provide the most data.
Customer Trust & Reputation
The most immediate impact to a company of a PII breach is a loss of customer trust, which can often be amplified by coverage in the media of the breach. Reputational damage comes with lost business, stock prices falling, and even bankruptcy depending on the severity of the breach. Privacy is now a competitive differentiating factor in digital businesses today, and companies that can’t protect it may struggle to retain customers.