Personally Identifiable Information (PII)

What is PII?

PII, or Personally Identifiable Information, refers to any information which identifies, relates to, or can be used to describe an individual.

In the security industry, PII most commonly refers to data such as:

  • Full Names
  • Birthdates
  • Social Security Numbers
  • Financial Account Numbers
  • Street Addresses

How do People Determine Identity?

  • We can tell two individuals apart from one another because our brains are able to compare hundreds of nearly imperceptible physical characteristics, almost instantly.
  • For example: Although Person A and Person B (pictured below) share many of the same physical characteristics, such as hair color, eye color, skin tone and eye-glasses, you can probably still tell that they are not the same person.

Person A

Person B

How do Machines Determine Identity?

  • An average machine is limited to using personally identifiable information (PII), such as an individual's "Full Name", "Address", "Bank Account Number", "Birthdate" and "Social Security Number" to identify who a person is.
  • For example: A machine would not be able to tell that the two sets of data entered below, were entered by two different people.

Person A

Person B

Putting it all Together

You could say that, to a machine, the digital version of you looks a bit like this fully-assembled Mr. PII-tato Head, with each body part representing a different piece of your PII. If all of the right pieces are there, it must be you!

Instructions
On the next page, you will see a fully-assembled Mr. PII-tato Head, which represents you, and a blank Mr. PII-tato Head, which represents an imposter. Your job is to make the imposter look like you by dragging and dropping pieces of your PII onto the blank Mr. PII-tato Head.

You

IMPOSTER

Great job! Click the Continue arrow to continue.
Full Name
Nickname
Social Security Number
Dream Job
Cat's Name
Birthdate
Bank Account Number
Cousin's Facebook Password
What You Ate For Dinner
Address
Favorite Ice Cream Flavor
Best Friend's Name

Why is Securing PII Important?

  • You probably deal with PII all the time at work. Names, addresses, and birthdates of customers, and even your own co-workers.
  • While some pieces of PII my be considered less sensitive than others, they all make up an idividual's identity and the accumulation of enough PII typically results in identity theft.
  • With a stolen identity, a thief could: take out loans, change billing addresses and get a driver's license... All under the victim's name!

PII Safe Handling Tips:

  • Never store PII as clear-text -- including in Word/Excel documents.
  • Apply the Need-To-Know principle -- only access and share PII if it is really necessary to perform your job duties...not just purely out of curiosity!
  • Make sure to lock your workstation whenever it is not in use.
  • When disposing of documents containing PII, make sure they are shredded before being thrown out.

Zap the unsafe ways to handle PII!

Only access PII on a need-to-know basis

Store PII as clear-text.

Lock your workstation when not in use

Start looking at customer data because you're bored at work

Throw away a completely readable, unshredded document with customer data in the trash

Great job! Click on the Continue arrow to continue.

Things to Remember:

  • PII is any information that could be used to identify an individual.
  • Be sure to store PII in a secure location!
  • Ensure that access to PII is only given to those who need it.
Continue
Go back