What is Personally Identifiable Information (PII)?
We often talk about personally identifiable information (PII), but it is very seldom that users know exactly what it is. What's more, there are many ways to manage personal information, and there are quite a few levels to personal information management. It's one thing when you protect your PII from potential exploitation, and it's a completely different thing when a third party manages it for you.
Although there are many aspects related to personal information management that we could discuss, in this case, we would like to focus on documents that disclose the way someone gathers personal information and regulate data protection and privacy.
Table of Contents
What is Personally Identifiable Information?
We would like to start with a short overview on what personally identifiable information (PII) is. It is probably possible to tell from the name that PII deals with a type of data that allows someone to identify a particular person. For instance, your Social Security number is a very good example of PII because it is unique, and this number alone would lead someone straight to you. Aside from that, things like full name, driver's license ID, email address, bank account information, password number, or a phone number can also be considered personally identifiable information.
In the realm of cybersecurity, PII is a very common actor, especially when it comes to data breaches and identity thefts. For example, if a company that manages personal information experiences a data breach, it is very likely that its customers will suffer a personal identity theft because the data managed by the company will be stolen.
Here we would like to mention that sometimes the criminals do not even need to steal every single detail. They can piece your PII together if they get it from different sources. Thus, it is very important how you manage your personal information, and whether your methods make it harder for criminals to obtain the said data.
To protect your PII from potential exploitation, you should be very careful about what you share on social media. It would also be a good idea to shred documents before you throw them out (you can never know who rummages around your trash), and please refrain from giving out your social security numbers and other important IDs to the left and to the right.
So this is the minimum of what you can do to protect your PII. But sometimes you trust a third party with your PII, and then this third party is responsible for personal information management and storing. The question is how can we know which information is stored by third parties? For that, we have privacy policies.
What Is a Privacy Policy?
Any decent website or service will have a privacy policy. Just scroll down to the bottom of the page, and you will probably find the Privacy Policy link. A privacy policy is a document or a statement where you can find all the ways a third party gathers, uses, discloses, and manages your data. Privacy policies are necessary to protect the customer's privacy.
Normally, privacy policies are quite broad, and the exact contents depend upon the applicable law. It means that the privacy policies you encounter in various websites may differ according to the country, in which the website was registered. Each country tends to have its own individual legislation that denotes the information management guidelines. While the United States has no generally applicable laws that would manage privacy policies, in Europe, the right to privacy is a highly developed area of law. Therefore, to give you a better example of certain privacy policy regulations, we would like to tell you a little bit about the European GDPR.
What Is GDPR?
The General Data Protection Regulation (or GDPR) is a regulation on data protection that applies for all individuals with the European Union and the European Economic Area. It was first made in April 2016, and then finally implemented on May 25, 2018. If you reside in the EU, and you have recently had to review all of your browser cookies settings whenever you accessed a new website, you can be sure that the review had to be done because of this regulation.
The point of GDPR is that it technically gives individual users bigger control over their personal data, and it also makes it easier for international businesses to function within the EU by simplifying and unifying the regulation within the region. That is possible because, in the EU, the data protection laws cover both: the private and the public sector. As a result, privacy laws and regulations also apply to private enterprises and commercial transactions.
The GDPR tightens privacy policies that can be used by multiple companies and websites. The regulation sees to it that no personally identifiable information can be publicly available without explicit consent and that the processing of this sensitive data has to be extremely confidential. All security settings have to be set to the highest mode by default, and if, for some reason, the owner of the personal information no longer wants to share it, they can revoke the consent whenever they want. On top of that, the GDPR also says that the owner of the PII has to know exactly which data is collected, how long the data will be stored, and if it will be shared with anyone outside of the EU.
Perhaps one of the most well-known aspects of the GDPR is the right to erasure, which was first known as the right to be forgotten. To put it simply, if there is any type of information about you on the Internet that you want to be gone, you can make a request to erase the said information, and the organization has a month to respond to your request.
While some companies may perceive the GDPR as a hindrance due to a vast number of regulations they need to comply with, it should be pointed out that businesses had two years to prepare for the shift since 2016. However, just a month after the GDPR was implemented, the US state of California has adopted The California Consumer Privacy Act of 2018. This move shows that we can only expect privacy policy regulations to become tighter in the future all around the world.
Meanwhile, we have to remain attentive when we share our PII with third parties. If you are having trouble remembering important information, you can also use a third party application like Cyclonis Password Manager to store your passwords, social security numbers, and other sensitive information in the Private Notes section. Whatever you do, please bear in mind that your attitude to your PII is just as important as the national and international laws that regulate corporate and personal data management.
