Our Criblpedia glossary pages provide explanations of technical and industry-specific terms, offering a valuable high-level introduction to these concepts.
Personally Identifiable Information (PII) refers to data that, either independently or when combined with other relevant information, can identify an individual. Various data elements are universally recognized as PII. Additionally, PII is categorized into two types: sensitive and non-sensitive.
Sensitive PII is information that can lead to harm or fraud if revealed. Non-sensitive PII, on the other hand, poses less risk even if it becomes exposed.
Some of the most common forms of Personally Identifiable Information (PII) include:
Sensitive PII: details such as your full name, Social Security Number, driver’s license information, financial data, credit card numbers, passport details, medical records, and more.
Non-sensitive PII: publicly accessible information like your zip code, race, gender, birthplace, date of birth, and religion.
It’s important to note that social media profiles are generally classified as non-sensitive PII. However, this classification depends on the nature of the information shared on these platforms.
According to the General Data Protection Regulation (GDPR), ‘Personal data’ is defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”
In the past, securing PII data wasn’t a significant priority. However, the landscape changed dramatically when multiple companies faced multi-million dollar fines due to their mishandling of customer data. Beyond financial penalties, organizations also confront reputational risks that can lead to severe repercussions. Picture your company making headlines for not protecting customer data, with ongoing news coverage as your executives get dragged through all kinds of legal proceedings.
This shift led to a transformation in data protection protocols, posing a significant challenge for companies striving to comply with the evolving rules for properly storing and processing PII.
The GDPR is widely considered the gold standard for PII protection, and it offers comprehensive guidelines on how PII should be managed.
To ensure organizations take appropriate steps to secure the data, the GDPR backs those guidelines with penalties: violating the EU’s GDPR carries maximum fines of $23 million (20 million Euros) or 4% of the company’s annual global turnover, whichever is higher.
While the EU’s GDPR is frequently cited in PII security discussions, there are many state, federal, and international laws and regulations governing security and privacy that define permissible practices.
PII security tips and best practices