PII

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

PII is data which can be used to identify, locate, or contact an individual and includes information like name, date of birth, place of residence, credit card information, phone number, race, gender, criminal record, age, and medical records. Every organization stores and uses PII, be it information on their employees or consumers. Even schools and universities will store the PII of their students, while healthcare providers will store patient data.

The PII your organization stores is highly attractive to would be attackers who can sell PII on the black market at a handsome price. PII can be used for any number of criminal activities including identity theft, fraud, and social engineering attacks. It goes without saying that it is absolutely vital that individuals and organizations protect their PII. Failure to secure PII leaves you open to highly targeted social engineering attacks, heavy regulatory fines, and loss of consumer trust and loyalty.