Aug 07, 2022 By Susan Kelly
Businesses, governments, and individuals have all been affected by advances in technological platforms. There has been a boom in the availability of all kinds of data thanks to digital instruments like cell phones, the Internet, e-commerce, and social media.
Firms are collecting, analyzing, and processing so-called "big data" and sharing it with other businesses. Big data has supplied firms with a lot of knowledge about effectively communicating with their customers.
Data breaches and cyberattacks are on the rise as more organizations discover their data's value in the big data age. As a result, questions have been raised about how businesses handle customers' private information. While regulators seek new regulations to protect consumer data, people seek more anonymous ways to stay online.
Information that can be used to identify an individual (PII) is classified as either sensitive or not. Personal legal statistics, such as the following:
The above list is not all-inclusive. Data sharing companies typically utilize anonymization techniques to encrypt and obscure PII so that it can be received in a non-personally identifiable form when shared with other organizations. Insurance companies who share their customers' information with a marketing firm will ensure that only information relevant to their aim is left behind, masking the sensitive PII.
Direct or non-sensitive PII can be easily found in phonebooks, online, and corporate directories because they are accessible to the general public. A few examples listed below are considered non-sensitive or indirectly personal information.
Quasi-identifiers and examples of non-sensitive information, such as those on the above list, can be made available to the general public. Using this information alone is not enough to identify an individual.
Even if the information isn't sensitive, it can still be linked. A person's identity can be revealed by combining non-sensitive data with other personal linkable information. These strategies tend to be more successful when many sets of quasi-identifiers can be cobbled together and utilized to differentiate one person from the next.
In the coming years, the regulation and protection of personally identifiable information (PII) will be a major concern for individuals, businesses, and governments.
Various countries have enacted several data privacy laws to establish restrictions for businesses that collect, keep, and exchange personal information about their customers. According to several of these laws' fundamental principles, personal information should only be gathered in extreme circumstances.
There are rules to ensure that personal information is kept private and should not be shared with third parties that cannot guarantee security.
Cybercriminals breach data systems to access personal identifying information (PII) sold to unsuspecting buyers on dark web marketplaces. A data breach resulted in the theft of over a hundred thousand taxpayers' personal information (PII) from the IRS in 2015.
The criminals could access an IRS website application by answering personal verification questions that should have only been known to the taxpayers, using quasi-information taken from several sources.
Sometimes, a service provider isn't solely responsible for protecting personal information (PII). In some situations, it may be made available to the person.
Many criminals find unsuspecting victims' personal information (PII) by sifting through unopened mail in the garbage. They can use this to get a person's name and location. This information may also reveal people's work, banking, or social security numbers.
The Internet is a key source of identity theft in today's world. The attacker has succeeded when someone is tricked into divulging personal information like their name, bank account number, password, or social security number through a phishing or social engineering attack. Deceptive phone calls and SMS messages can also be used to steal this information.
PII might mean different things to different people around the world. Specific jurisdictions have different approaches to protecting individual privacy, as seen by the following:
In this country: United States
A person's name, social security number (SSN), and biometric data will be considered "personally identifiable" in the United States by 2020, as will any other information that can be "used to distinguish or trace an individual's identity," such as their date of birth or where they were born.
Europe
The General Data Protection Regulation (GDPR), enacted in May 2018, widens the term to include quasi-identifiers. There are strict requirements for collecting and processing personal information for EU citizens under the GDPR framework.
Australia
The Privacy Act of 1988 ensures the privacy of individuals' personal information. This law can collect, store, use, and disclose personal information by the federal government and the private sector. Regulation of the use of healthcare identifiers was added in later modifications, along with requirements for companies affected by patient data breaches.
Canada
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs commercial purposes. As a general rule, this is any information that can be used to identify you as an individual.