What Qualifies as Personally Identifiable Information?
Personally identifiable information (PII) is anything that might contain direct identifiers, which can precisely pinpoint someone’s identity, such as data necessary for a driver’s license or a passport. Information on such identification cards, books, or other documentation might include their home address and social security or driver’s license number.
Quasi-identifiers, such as information regarding racial heritage, can be combined and used with other quasi-identifiers, including date of birth (DOB), to identify an individual successfully.
Here are the primary types of PII businesses use to identify individuals:
- Full name
- Mailing address
- Telephone number
- Email address
- Medical records
- Financial information, such as credit card numbers, bank accounts, or credit report information
- Passport information, such as places and dates of travel
- Internet account numbers and passwords
- Biometric information
Non-sensitive and indirect PII includes the previously noted quasi-identifying information, which is often a matter of public record or so anonymously collected that it is not easily tied to an individual on its own.
Here are some examples of non-sensitive PII:
- Date of birth
- Place of birth
While each of these quasi-identifiers can serve as a tool in identifying an individual in conjunction with direct identifiers, they are of little value to bad actors on their own. Many non-sensitive PIIs are components of a driver’s license, passport, or billing record. Still, without a direct identifier, the best hackers often meet a dead end when attempting to use them for fraudulent purposes.