Home » Blog » How to Protect Personally Identifiable Information (PII)

How to Protect Personally Identifiable Information (PII)

Advancements in today’s technology have accelerated the rate at which personal information is obtained and made available. Every action taken online can be traced back to the individual, including personally identifiable information (PII). Here’s how to protect this important data. data breach  

What is PII?

In short, PII is any information that can be used directly or indirectly (by combining data from various sources) to identify an individual. Both sensitive and non-sensitive data are defined as PII. Additionally, genetic and biometric information falls under the category of PII.  

What is considered sensitive PII?

Sensitive PII is unique to each individual. When this data falls into the wrong hands, it can be used by the malicious offenders to harm an individual’s financial or personal welfare. Criminals have a high interest in capturing this data, which is why companies are required to secure it. The following are types of PII data:
  • Personal identification numbers such as social security numbers, passport number, driver’s license number, and taxpayer identification number.
  • Patient identification numbers, financial account numbers, and credit card numbers
  • Home address and telephone number.
  • Email address and internet account number
  • Biometric data, including fingerprints, retina scans, voice signatures and facial geometries
  • Photographs and handwriting (ie, signatures)

Which designation includes PII and PHI?

Personal health information (PHI) is considered sensitive PII. Medical patients have a host of sensitive PII, like medical record numbers, medical histories, test results, and health insurance beneficiary numbers. When paying for health services, the patient’s payment information is deemed PII. PHI is obtained by healthcare providers, life insurers, schools, universities, or healthcare clearing houses. This type of data relates to the past, present, or future health of the individual. PHI can be transmitted electronically or maintained electronically and identifies individuals.  

What is considered non-sensitive PII?

Non-sensitive PII causes less harm to the individual and can therefore be sent unencrypted. This type of data includes information that can be easily obtained from public sources, such as phone listings, company directories, and websites. Usually, non-sensitive PII data is freely distributed. Date and place of birth, geographic location, religion, ethnicity, and sexual orientation are types of non-sensitive PII. A business email or mailing address, employment information, and data regarding an individual’s education can be readily obtained and is considered to be non-sensitive PII. However, non-sensitive PII can be just as damaging to an individual when it is linked with sensitive PII and used maliciously by fraudsters. It is in the best interests of individuals to protect both their sensitive PII and non-sensitive from unnecessary exposure.  

How do criminals use PII?

Malevolent con artists, cyber criminals, and identity thieves can use PII in several ways. Financial scams include applying for loans and lines of credit, using stolen credit card information to make purchases, stealing tax refunds, and draining financial accounts, among other crimes. Synthetic identity theft is a fast-growing financial crime in the US. Stolen PII is combined with fake details and personal data from other individuals to manufacture a brand-new identity. For example, an SSN can be cobbled together with a fake name and address to create a new persona. Selling stolen PII on the dark web is big business for hackers. Social media credentials, credit card numbers, and even seemingly inconsequential Netflix passwords are sold by bad actors on the dark web. Criminal and financial gain motivate these fraudsters to gain access to PII.  

What are steps to protect PII?

Making a conscious decision to protect PII falls on the shoulders of both consumers and companies. Corporations must properly configure firewalls and access permissions, apply security updates, and ensure access to only authorized users in order to prevent attackers from accessing PII. Consumers should also take responsibility to protect their PII. Unauthorized access to personal information can be averted by creating unique, complex passwords for all online accounts. Share information cautiously, especially on social media platforms. Avoid oversharing PII online. Practice extra caution when responding to unsolicited requests for personal information. Update security software regularly to thwart hackers seeking vulnerabilities in operating systems and applications. Be aware of the latest cybersecurity best practices as well as common scams and threats. Understanding potential risks keeps everyday consumers from falling victim to cybercrimes. Companies, particularly, have access to a large store of consumer personal data. Since they have the ability to collect PII, they also have the responsibility to safeguard it. Without proper protections in place, security breaches can occur and leave scores of PII exposed to criminals. Data breaches are not uncommon and can affect victims for years after the initial attacks. Consumers whose PII is compromised can suffer innumerable injustices, such as identity theft and penalties issued by health insurers. Credit card numbers may be stolen, leading to financial harm.  

Contact Anderson + Wanca

When you discover that you are a victim of a data breach, turn to the attorneys at Anderson + Wanca. Our lawyers are experienced in class actions lawsuits that lead to settlements for victims of PII data breaches. We fight for your right to just financial reimbursements. The class action attorneys at our firm handle your case from start to finish. We perform thorough investigations to gather the necessary evidence to back up your case. Our lawyers also manage legal claims. If you want to participate in a class action lawsuit, we help you navigate the process. Data breaches can be time-consuming to overcome, considering the negative impacts can last for years. But when the class action lawyers from Anderson + Wanca are on your side, you can be confident that you have a qualified legal team representing your best interests. Do not delay contacting Anderson + Wanca once you’ve been notified of a data breach. Companies should be held accountable for failing to enforce appropriate security measures. Contact our Illinois law firm today to schedule a free consultation and move your case forward.