Skip to content

What is PII or Personally Identifiable Information?

  • Technology platforms advancement has changed the way companies operate, governments legislate, and individuals relate. With digital tools such as smartphones, internet, e-commerce and social networks, we have seen an explosion in the supply of all kinds of data and information.
  • The emergence of Big Data has increased the number of data breaches and cyber attacks by entities that realize the value of this information. As a result, concerns have arisen, particularly how companies deal with confidential information from their workers, suppliers, customers and consumers. If, on the one hand, regulatory agencies seek to emanate new legislation that contributes to data protection, on the other hand, the users are looking for anonymous ways to stay digital

What is considered PII (Personally Identifiable Information)?

Personally Identifiable Information (PII) is any information that can be used to identify an individual, applied autonomously, separate from all others. Such as:

  • Name (full name)
  • Address
  • E-mail
  • Phone number
  • Date of birth
  • Passport Number
  • Biometric data: Fingerprint, facial, iris, voice, retina and typing recognition
  • Driver’s license number
  • Debit or credit card number
  • Social Security number
The above list it’s not exhaustive. In fact, companies that share data about their customers, typically use anonymization techniques to encrypt and overshadow PII so that they can be received in an unidentifiable way.

PII can be used alone or in conjunction with other relevant data to identify an individual and to be generated from direct identifiers. Examples of this are information from the citizen card, which identifies a person exclusively or through almost identifiers, (such as gender), and the latter may be combined with other almost identifiers, (such as date of birth), to successfully recognize an individual.

Why should PII be protected?

The protection of PII is essential for the privacy of its owner, privacy and protection of personal data, information privacy and, also, information security. With only some of an individual’s personal information, cybercriminals can, among many other illicit activities, create fake accounts on behalf of the person, take on debts, create a fake passport, or sell a person’s identity to another criminal.

Several data protection laws have been adopted by several countries to create guidelines for companies that collect, store and share the personal information of the data subjects with whom they relate. Some of the basic principles described by these laws state that certain confidential information should not be collected except in extreme situations.

Personally Identifiable Information vs. Personal Data

Personal data covers a wider range of contexts than PII. For example, IP address, device identification numbers, browser cookies, online alias, or genetic data. Certain attributes, such as religion, ethnicity, sexual orientation, or medical history, may be classified as personal data, but not as personally identifiable information (PII)

What is a PII violation?


PII violations are illegal and often involve fraud, such as identity theft. Violations may also result in unauthorized destruction, loss, alteration, access, use, or disclosure of PII. Failure to report a PII violation can also be a violation.

What to do when sending PII by email?

Because email is not always secure, avoid sending PII through this way. If necessary, use encryption or secure verification techniques, such as a password-protected document.

What other measures can you take to protect your PII?

  • Avoid sharing personal information on social networks
  • Use strong and complex passwords and/ or multi-factor authentication and change them regularly
  • Browse in private mode and beware of public WiFi networks
  • Keep your antivirus up to date
  • Beware of phishing schemes
  • Regularly check your bank statement

Read our EBook How to identify and protect your sensitive data