What is Personally Identifiable Information? (And How to Protect Yours)

Personally identifiable information could make you vulnerable to identity theft if not managed carefully.
Christy Rakoczy, Author
Melinda Sineriz, Editor
Last updated May 26, 2022

Personally identifiable information is information that allows someone to determine your identity either directly or indirectly. Personally identifiable information is also known as PII, and it can include details such as your name, address, or Social Security number (SSN).

Some PII is very sensitive because it could make you vulnerable to identity theft. In some cases, rules are in place to ensure that the third parties you give personally identifiable information to protect that information and keep it secure.

This guide will explain what PII is, how you can protect yours, and why you would want to.


Examples of PII

Personally identifiable information includes any information that could be used, directly or indirectly, to identify you.

Examples of PII include:

  • Your name
  • Your address
  • Your telephone number
  • Your Social Security number
  • An identifying code, such as your healthcare member ID number
  • Your email address (if it includes your full name)
  • Your place of birth
  • Your mother’s maiden name
  • Your passport number
  • Your medical records

Some information, such as a birth date, could be considered personally identifiable if combined with other information that distinguishes an individual’s identity from others with the same birthday.

PII can be found in a wide variety of places, including:

  • Student or personnel records
  • Health insurance forms
  • Job applications
  • Credit card sales records
  • Computers
  • Phones and tablets
  • Passports and driver's licenses
  • Social media

Some personally identifiable information is considered "sensitive" because it contains information that could put you at risk of identity theft or a breach of your privacy.

Examples of sensitive PII include:

  • SSNs
  • Credit card numbers
  • Financial account numbers
  • Security or access codes
  • Passwords
  • Medical information
  • Health insurance information
  • Driver’s license numbers

There are special laws protecting this type of information. For example, in California, if your personally identifiable information is compromised, the party responsible may need to notify you. Other laws, such as the Health Insurance Portability and Accountability Act (HIPAA), protect specific types of PII by imposing rules designed to ensure the information is kept private.

Is PII the same as personal data?

The term "personally identifiable information" is widely used in the United States. It’s used in privacy laws and security rules for the collection and storage of an individual's data.

Other countries protect "personal data" rather than just "personally identifiable information." For example, the General Data Protection Regulation (GDPR) applicable in the European Union establishes safeguards for personal data and defines it as "any information" that relates to an identifiable natural person and that can directly or indirectly identify that individual.

Personal data under the GDPR includes names, addresses, identification numbers, location data, and other factors specific to the physical, mental, economic, cultural, or social identity of an individual. The GDPR's definition of personal data is more specific and broader than the definition of personally identifiable information in the U.S., and PII is considered a subset of personal data under the EU's rules.

What is protected health information (PHI)?

Protected health information is a subset of PII. PHI includes any individually-identifiable health data created about a patient by an entity covered by HIPAA.

Examples of PHI include:

  • Demographic data
  • Medical test results
  • Insurance information
  • Medical histories
  • Any information that could be used to identify a patient, including:
    • Names
    • Phone numbers
    • Social Security numbers
    • Account numbers
    • Certificate or license numbers
    • Biometric identifiers
    • Any other unique identifying characteristics or codes
  • Any information that could be used to provide healthcare services

HIPAA's privacy rules apply to health plans, health care providers, and business associates of these entities. Anyone subject to HIPAA's privacy rules must follow strict protocols for securing information, including safeguarding documents, limiting access to files, and not releasing information to anyone but the patient except in limited circumstances, such as when there is an immediate risk of harm.

What is PII used for?

Personally identifiable information can be collected under many different circumstances.

For example, companies or government agencies may collect personally identifiable information:

  • When job applications are submitted
  • As part of customer surveys
  • As part of user experience research
  • When email messages are submitted
  • When you submit an application for a loan or a credit card
  • When you shop online
  • When you create a social media account
  • When you take online quizzes
  • When you download or use an app on your phone

Your information may be used for a number of reasons, from facilitating the sale of products or services to providing you with health care to tailoring ads online.

How is PII used in identity theft?

If your personally identifying information falls into the wrong hands due to a data breach, you could become the victim of identity theft.

Hackers use cyberattacks and other measures to gain access to the databases of companies that have collected your PII legitimately. Phishing emails could be used to get you to provide your personally identifying information.

Or dishonest actors could obtain your personally identifying information from social media, especially if you do not make your profiles private and you share a lot of details online about your life and family.

Once someone with bad intentions improperly obtains your PII, it could be used to take out debt, obtain medical services, take money out of your bank account, or even assume your identity.

How can you keep your PII safe?

If you want to keep your PII safe, there are a few key steps that you should take to make sure your sensitive information doesn't fall into the wrong hands.

Use multi-factor authentication

Multi-factor authentication, or two-factor authentication, helps to improve your data privacy. With multi-factor authentication, a username and password aren't enough to log into accounts. After a username and password are entered, the website will then send a security code to an email address, authentication app, or mobile device. You must enter the code to gain access.

Use a password manager

Having strong passwords lowers the chances of thieves guessing your login details and gaining access to your accounts. The strongest passwords are usually strings of random numbers and letters rather than words or number patterns that are easy to remember — and easy to guess.

A password manager allows you to create long passwords with random characters while storing those secure passwords so you don't have to remember them. Using a password manager makes it easier to create secure passwords and makes it easy to follow the best practice of creating a unique password for every website you use.

Use a VPN on public Wi-Fi

When using public Wi-Fi, it can be easier for hackers to access your information since the website may not be secure. A VPN, or virtual private network, can be used to help secure your details, as VPN apps can encrypt your data.

Install identity theft protection software

There are software programs available that help you to prevent identity theft. This could include services that provide notifications of suspicious activity and monitor your accounts for unusual activity. There are also browser add-ons or plug-ins that force your browser to use encryption even on websites that don't offer it.

Limit what you share online

To stay safe online, you'll want to be careful about what you share publicly. You should avoid posting ID cards or other sensitive data on social media. You'll also want to be careful about answering online quizzes or surveys, and make sure you don't overshare personal details that scammers could use to create fake accounts in your name.
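
One way to check a draft post for the sensitive PII this article lists before sharing it, as an added example that is not part of the original article. It flags plausible SSNs, payment card numbers that pass the Luhn checksum, and email addresses that contain a full name; the patterns, function names and sample text are assumptions made for illustration.

```python
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")


def luhn_ok(digits: str) -> bool:
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject number ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def find_sensitive(text: str, full_name: str) -> list:
    """Return (kind, matched_text) pairs for sensitive PII found in text."""
    findings = []
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", m.group()))
    parts = [p.lower() for p in full_name.split()]
    for m in EMAIL_RE.finditer(text):
        # The article's rule: an address is PII when it contains the full name.
        if parts and all(p in m.group(1).lower() for p in parts):
            findings.append(("email_with_full_name", m.group()))
    return findings


# Constructed sample post; none of these values belong to a real person.
DRAFT = ("Got the new job! HR needs SSN 123-45-6789 (not 000-12-3456), "
         "card 4111 1111 1111 1111, order ref 1234 5678 9012 3456. "
         "Mail me at jane.doe1990@example.com or jd@example.org.")

if __name__ == "__main__":
    for kind, value in find_sensitive(DRAFT, "Jane Doe"):
        print(kind, value)
```

The checksum and range checks keep order references and other digit strings from being flagged, so the findings are the items worth removing from the post.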

Personally identifiable information FAQs

What is considered PII?

Personally identifiable information is information that could be used to identify an individual, trace someone's identity, or distinguish an individual from others. It can include someone's name, Social Security number, tax ID number, personal phone number, address, photographs, biometric records, or handwriting.

Is my IP address considered PII?

An IP address is considered personally identifiable information if it is consistently linked to a specific individual. In these circumstances, knowing an IP address could be used to identify an individual.

Is my date of birth considered PII?

A date of birth by itself is not considered PII since others may share the same characteristic. However, it could be considered sensitive personal information since it is linkable to other details such as a person's full name, telephone number, or photographic images.

Is my email considered PII?

An email address can sometimes be considered PII if it includes information that could be used to identify a person. For example, an email address that contains a full name would be classified as personally identifiable information.

Bottom line

Your personally identifiable information is likely shared with many companies both in person and online. But that doesn't mean you can't or shouldn't take cybersecurity steps to ensure your data doesn't fall into the wrong hands and put you at risk of identity theft.

Follow the recommended steps to safeguard your personal details and lower the chances of scammers gaining access to your financial information and other data and creating a lot of headaches for you to resolve.

Author Details
Christy Rakoczy
Christy Rakoczy is an identity theft expert with more than a decade of experience writing about cybersecurity issues and laws surrounding identity fraud. She has a law degree from UCLA and is a former college instructor who taught courses focused on legal issues surrounding internet privacy.