Personally identifiable information (PII) is any information that, when used alone or with other information, can identify a specific person. Examples of PII include full names, Social Security numbers (SSN), bank account numbers, and email addresses.
With the emergence of more and more data, companies leave themselves potentially exposed to data breaches that can result in the loss of PII. It’s crucial that companies handle customers’ sensitive information carefully, and many regulatory bodies require them to do so.
PII that can be used alone or with other relevant information to identify a specific person is called direct identifiers or sensitive data. Examples of direct identifiers include SSNs, passport information, driver’s licenses, biometric data, mailing addresses, and credit card information. Direct identifiers, when disclosed to harmful actors, can result in possible dangers to an individual and must be handled with extreme care.
Quasi-identifiers or non-sensitive data are information that can be combined with other quasi-identifiers to recognize a specific person. Examples of quasi-identifiers include race and gender, zip code, date of birth, and religious preference. Quasi-identifiers can be easily gathered from phone books and other public records and directories.
Exposed PII can be used for a number of malicious purposes that include selling data on the dark web, committing identity theft and other fraudulent uses of information, faking important documents, and opening fake accounts as the specific person.
As a response to these dangers, many companies have defined privacy policies that specifically address how they gather and dispose of PII. Lawmakers have also enacted legislation, such as the General Data Protection Regulation (GDPR) in the European Union, in an effort to limit the accessibility of PII and to hold organizations accountable for the PII data they collect.
Protected health information (PHI) includes information used by medical firms that identify patients, including their name, address, birthday, and medical records. For hackers, PHI also offers a wealth of direct and quasi-direct identifiers that can be sold and used to hold patients hostage to payoffs. Similar to PII, PHI must be protected and handled with the same level of confidentiality.
Companies that use and store PII normally anonymize the data, which involves encrypting and obfuscating the PII. By anonymizing sensitive data, companies can ensure they’re adhering to regulations and focusing on only the information that relates to a company’s goals.
You can also take steps to mitigate your vulnerability to hackers. They include:
Authorization refers to the policies that dictate what users can access when they use a system or application. Authorization is used as a ...