What Is PII? Everything You Need to Know

If you’ve ever heard of PII (personally identifiable information), it’s likely been a story about a data breach in a company’s digital network or identity theft from a person’s credit card.

When personal data ends up on the dark web, it can take months or years to clean up the damage. Thus, e-commerce merchants must take stringent measures to ensure the security of their personal information and that of customers and employees.

To better manage the data you collect, you need a thorough understanding of PII.

Different Categories of PII

In general, PII covers sensitive information that can be used to identify an individual, and it is divided in two categories:

1. Sensitive PII

This includes any information that directly and objectively identifies an individual, including legal statistics such as:

• Full name
• Social Security Number (SSN)
• Driver’s license
• Mailing address
• Credit card information
• Passport information
• Financial information
• Medical records

Bulleted List

2. Non-sensitive PII

Also referred to as indirect PII, this type of information is freely available from public sources such as phonebooks, the internet, and company directories. When coupled with another data item, it can distinguish a person but is insufficient to positively identify them. For instance:

• Zip code
• Race
• Gender
• Date of birth
• Place of birth
• Religion

Bulleted List

Any data that cannot be used to identify a specific individual or customer falls under this category. Non-sensitive PII is also known as anonymous data, which companies typically use in advertising applications. Businesses that share client data for advertisements typically use anonymization techniques to encrypt the PII so that it is received in an unidentifiable form.

In e-commerce, PII is usually associated with collecting data to easily identify customers and tailor marketing communications to their interests. Customer data can also be used to improve the shopping experience by displaying relevant goods or speeding up the checkout process by storing relevant information.

However, retailers can safely assume that most customers would not choose to share their PII. If they really need to, it would be the bare minimum, and they would prefer it not be saved for future marketing purposes.

The Importance of Securing PII

PII is a valuable asset used in identity theft. As a retailer, protecting PII is your responsibility. Failure to do so could lead to serious consequences.

A staff member with website access will typically have a pass to a customer’s confidential and sensitive information, including their name, email, address, and phone number. This, along with their credit card or payment info, is enough to commit identity fraud.

Retailers must also realize that cybercriminals can breach data systems to steal PII, which is then sold on illegal marketplaces. Because of the exploitation and abuse of private data for profit, governments worldwide have tightened regulations on who can collect data, how it should be stored, and its use for marketing or other purposes.

All online stores dealing with customer data need an e-commerce privacy policy that can be easily accessed by customers. Even if you don’t gather personal information, it is a way to boost your business’s credibility.

In the US, the California Consumer Privacy Act is one legislation that should be on your radar. If you’re not based there, be aware of similar regulations in other economic areas.

For example, The General Data Protection Regulation (GDPR) protects those in Europe (both EU and non-EU citizens). GDPR compliance prevents companies from collecting or storing PII and other sensitive data without clear consent.

For more info about this, read Understanding GDPR and Cookie Consent in E-Commerce.

PII Violations With Examples

Though self-governance is laudable, compliance with local, regional, and national laws and regulations is just as important. Regulatory bodies have started levying hefty fines for compliance violations.

The three main types of PII violations are:

1. Identity theft The most common type of PII violation, this involves stealing someone’s personal information and using it for fraudulent purposes like opening credit accounts or taking out loans.
2. Financial fraud This is where criminals use someone’s identity to open credit card accounts, make charges on existing accounts, or even steal money from bank accounts and retirement funds by transferring it out through electronic channels.
3. Medical identity theft Offenders can also use stolen medical records to access health care benefits paid for by someone else.

Numbered List

There are plenty of ways for customers to manage their privacy online and for businesses to avoid over-sharing information—but data privacy is a concern that will only continue to grow as the world becomes increasingly connected. Businesses and consumers need to keep this in mind and pay attention to the data collection and management processes involved in every transaction.

Did you know that there are differences between PII and personal data? Read PII vs. Personal Data: What’s the Difference to learn more