What is personally identifiable information (PII)?

Personally identifiable information, or PII, is personal data that can be used to identify or trace an individual either directly or indirectly when combined with other information. Direct identifiers include names and Social Security numbers (SSNs). Indirect identifiers are things like birth dates, locations and IP addresses.
If your PII isn’t properly managed, it could leave you vulnerable to identity theft.
What you’ll learn:
- PII may be linked to your identity directly (like your birth certificate) or indirectly (like your address).
- Indirect, or nonsensitive, PII can’t directly identify you, but it could be combined with other information to reveal your identity.
- Cybercriminals could use PII to apply for loans, open credit cards or withdraw from your accounts, among other things.
- There are steps you can take to help protect your PII, like using secure networks and passwords.
What is PII?
The Consumer Financial Protection Bureau (CFPB) defines PII as information “that can be used to distinguish or trace an individual’s identity.” That includes any direct identifiers (like full names) or indirect identifiers (like zip codes).
Storing and sharing your PII online can make it easier to access medical records, pay bills or work remotely. But it also poses risks. Data breaches and cyberattacks can expose that information. Malicious actors could then use PII to open credit cards, withdraw money from accounts and more.
Examples of personally identifiable information
PII can be broken down into two categories: sensitive and nonsensitive. These categories relate to the amount of harm exposure could cause. Direct identifiers are usually classified as sensitive PII.
Examples of sensitive PII
Sensitive PII includes any data that can be directly linked to your identity. Here are some examples:
- Bank account number
- Birth certificate
- Credit card information
- Driver’s license
- Full legal name
- Medical records
- Passport
- SSN
Examples of nonsensitive PII
Nonsensitive PII can’t be used alone to directly identify someone. But when it’s combined with sensitive information, it may reveal a person’s identity.
For example, many people share the same birthday, so that information alone isn’t sufficient to directly identify someone. But when a person’s birthday is combined with their full legal name, their identity could be exposed.
Other examples of nonsensitive PII include:
- Address
- Ethnicity
- Gender
- IP address
- Public phone numbers
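The combination effect described above can be checked before a data set is stored or shared. This added example (not part of the original article) counts how many records become unique as indirect identifiers are combined; the field names and the sample records are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample records (not real people). The fields are indirect
# identifiers mentioned in the article: birth date, ZIP code, gender.
RECORDS = [
    {"birth_date": "1990-04-12", "zip_code": "23220", "gender": "F"},
    {"birth_date": "1990-04-12", "zip_code": "23220", "gender": "M"},
    {"birth_date": "1990-04-12", "zip_code": "75201", "gender": "F"},
    {"birth_date": "1985-11-03", "zip_code": "23220", "gender": "F"},
    {"birth_date": "1985-11-03", "zip_code": "23220", "gender": "F"},
    {"birth_date": "1985-11-03", "zip_code": "75201", "gender": "M"},
]

def _groups(records, fields):
    """Count how many records share each combination of values."""
    return Counter(tuple(r[f] for f in fields) for r in records)

def k_anonymity(records, fields):
    """Size of the smallest group sharing the same values for `fields`."""
    return min(_groups(records, fields).values())

def singled_out(records, fields):
    """Number of records whose values for `fields` match no other record."""
    groups = _groups(records, fields)
    return sum(1 for r in records if groups[tuple(r[f] for f in fields)] == 1)

def audit(records, fields):
    """Map every combination of fields to (k, singled-out count)."""
    report = {}
    for n in range(1, len(fields) + 1):
        for combo in combinations(fields, n):
            report[combo] = (k_anonymity(records, combo),
                             singled_out(records, combo))
    return report

if __name__ == "__main__":
    fields = ["birth_date", "zip_code", "gender"]
    for combo, (k, exposed) in audit(RECORDS, fields).items():
        print(f"{' + '.join(combo):32} k={k}  singled out={exposed}/{len(RECORDS)}")
```

In the sample, no single field isolates anyone, but all three together single out four of the six records, which is the signal to drop or generalize a column before the data leaves your control.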
Tips for protecting your PII
Privacy laws require organizations to safeguard sensitive information. The U.S. has industry-specific laws like the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry and the Gramm-Leach-Bliley Act (GLBA) in the financial sector. In Europe, the General Data Protection Regulation (GDPR) governs how all PII is collected, processed and stored.
But there’s also a lot you can do to protect your digital and physical data from breaches, identity theft and unauthorized access. The Federal Trade Commission (FTC) and Washington Technology Solutions, whose Office of Cybersecurity helps protect state networks from cyber threats, offer these ideas:
- Encrypt sensitive data: If you need to store or transfer sensitive data, most devices have encryption options in their security settings. You could also research online tutorials and encryption software tools.
- Use strong passwords and two-factor authentication (2FA): Create unique passwords for each account and enable 2FA when available for an extra layer of security.
- Avoid public Wi-Fi: Some public Wi-Fi networks may not be secure. Avoid accessing sensitive accounts on public networks unless you’re using a secure connection, such as a VPN.
- Be aware of common scams: Recognize common scams and avoid phishing emails, calls or text messages.
- Securely keep and destroy physical files: Avoid leaving sensitive papers unattended. When disposing of physical files, consider shredding paper documents and physically destroying or wiping clean old hard drives.
- Monitor your financial statements: Check your financial statements for fraudulent charges and report issues to your financial institution. When it comes to your credit, you can visit AnnualCreditReport.com to get free copies of your credit reports. CreditWise from Capital One can also help you monitor your credit. It’s free and easy to use, even if you’re not a Capital One cardholder.
Key takeaways: Personally identifiable information
PII is information that can be used to identify people either on its own or in combination with other information.
With CreditWise, you can keep track of your credit score and credit reports. It can also alert you if your PII is detected on the dark web.



