ProtonBlog(new window)
Abonneren via RSS

Personally identifiable information: What it is and how to protect it

Fergus O'Sullivan(new window)

deze pagina delen

If you’re a little tech savvy, you probably know you need to protect personally identifiable information, also known as PII. But what is considered personally identifiable information exactly? And how can you best protect your personal data(new window)?

What is PII?

Personally identifiable information can be defined as any data that can identify an individual. It’s different from personal data in that personal data can be any information you want to keep private, while PII is data that can be used to track you online — or even offline.

PII includes data that can identify somebody by itself, like a person’s name, but it could also be data points that can identify someone when combined with other data (see indirect PII below). A good example is a birth date or your IP address(new window)

How identifiable any piece of information is can be a subject of debate, however. For example, the United States Department of Labor(new window) maintains a different set of criteria from the European Union’s General Data Protection Regulation(new window) (GDPR). In general terms, though, we can consider these types of information directly identifiable (note that this list is by no means complete):

  • Name and surname
  • Taxpayer number (SSN in the US)
  • Passport or other ID document number
  • Email address
  • Personal address
  • Phone numbers
  • Bank account or card numbers
  • Birth date

You could even include biometric data on this list, or photographs that clearly show your face. Pretty much anything that another person or a computer could use to make a nearly direct identification of you as a person is PII.

Indirect PII

On top of this there’s also more indirect PII, which can be used to puzzle together who you are along with other data points — hence why it’s also known as “linked” data. Note that the line between what’s direct and indirect personally identifiable information can be a little blurry, depending on different regulatory authorities, and in which situation the PII is being used.

  • Date or place of birth
  • Mother’s maiden name
  • IP address
  • Race or religion
  • Financial information
  • Education data
  • Political information (trade union membership or party affiliation, for example)

It should be noted that different entities may have different opinions on how important this information is. For example, the GDPR is a lot stricter concerning political data than the US, as union organizers(new window) have found out. Some other countries, especially those with strong clerical establishments, will have religious affiliation even on ID cards.

How PII can be used against you

As you can imagine, your personally identifiable information can be used against you. There are more than a few parties interested in getting their hands on people’s PII for their own ends. Let’s go over some of the worst offenders.

Big Tech

The biggest collectors of data are probably companies like Google(new window), Microsoft(new window), Apple(new window), Facebook(new window), and others who make their money selling ads. The more effective the ad, the more money it makes, giving these companies a lot of incentive to know a lot about you so they can better target ads. 

The result is something called surveillance capitalism(new window), where PII is just another commodity to be traded, like lumber or oil or steel. As the basis of these companies’ business strategy, this way of using people’s data for their own gain isn’t going anywhere, either.

Data brokers

Assisting Big Tech are data brokers, who help collect, bundle, and sell people’s data, often working directly with these giants (here’s just one example(new window)). They’ll take data from the web, add it to publicly available information — land registries or even phonebooks — and sell it off in bundles. There’s little you can do about it, with some of the biggest players in this space even lobbying government(new window) to not pass privacy measures.

Cybercriminals

The last group interested in PII are cybercriminals, who often want to use it for phishing attempts(new window). In these cases, your personal information is used to gain your trust (or that of somebody close to you) so you’ll give up something the attackers want, usually money or access.

For example, somebody pretending to be a family member suddenly urgently needs money, or you get an email from a colleague needing to use your credentials. The more the attackers know about you, the more convincing these scams are.

PII protection

Protecting your personally identifiable information is important. Thankfully, it’s something that’s relatively straightforward to do. While you won’t be able to stop the activities of data brokers single-handedly, there’s a lot you can do to secure your information.

This is where Proton comes in. We’re a security and privacy-focused company that offers several products you can use to keep yourself safe online. For example, our VPN(new window) will protect your true IP address so you can no longer be tracked in this manner, while our secure mail service, Proton Mail uses state-of-the-art encryption to keep your email from being intercepted.

To protect your online identity(new window), we offer Proton Pass. As a password manager it makes sure you always have strong, random passwords, but thanks to its use of email aliases it also gives you the option of hiding your email address when signing up for new accounts. Using aliases takes away a very important identifier for data brokers and other online predators.

Finally, our secure cloud storage service, Proton Drive, can help you store digital copies of any important documents, photos, or videos. Thanks to our use of end-to-end encryption(new window) across our services, whatever you keep in our cloud can be seen only by you; even we don’t have access to it. This means that even if there’s a breach, all the attackers will get away with are encrypted files.

Proton Drive is the best possible place for all your personally identifiable information also because when you do decide to share it(new window), you have a lot of control. Not only can you fine-tune who gets to see it, you can terminate sharing whenever you want or even decide to let sharing expire on a set date and time.

We can offer these kinds of features because, unlike many of our competitors, we’re entirely funded by you, our community. We don’t have shareholders pushing us to sell personal data to turn a quick buck, we just need to make sure our product is good enough so you’ll stay. If that sounds like something you would want to be a part of, join Proton today. Drive offers up to 5GB of storage for free.

Houd je bestanden privé en deel ze veilig
Gebruik Proton Drive gratis

Gerelateerde artikelen

en
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
en
  • De basisbeginselen van privacy
What is a brute force attack?(new window)
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
en
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
en
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
en
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
en
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage