Recently, during our meetings with all the departments about the need for an inventory of systems of record that store or create Personally Identifiable Information, or PII, many were surprised to learn that even something as simple as a name is considered PII. Most people assume PII is limited to serious details like social security numbers or credit card information, but in today’s digital world, every detail can carry risks.
Personally Identifiable Information (PII) is any information that can be used to distinguish or trace a person's identity. This includes names, addresses, phone numbers, and biometric data like fingerprints and facial recognition. The key point is that a piece of information, when combined with other details such as those listed above, can be used to identify a specific individual. For example, a common name like Maria may seem harmless on its own, but when combined with other information, it can easily lead to someone’s identity being discovered.
In 2022, roughly 282 million people experienced some sort of data breach, leaving them vulnerable to a variety of crimes, such as fraudulent credit card charges, compromised bank accounts, hacked email and social media accounts, unauthorized applications for loans or lines of credit, or fraudulent tax return filings, among others.
There are many reasons to keep your personal information private:
- Prevent Identity Theft: With over 1.1 million cases of identity theft reported in 2022, it’s crucial to protect your personal information. Share only what’s necessary, fill out only required fields in forms, and don’t give your info to unsolicited callers or emails.
- Secure Your Finances: Cybercriminals are always on the lookout for banking details. Safeguard your accounts by using strong passwords (at least 12 characters with a mix of letters, numbers, and symbols) and enabling two-factor authentication. Also, only log into banking sites over secure networks, and avoid saving payment info online. A good idea that is not widely known is freezing your credit. By doing so, you create a barrier that makes it much harder for identity thieves to open new accounts in your name. Just like locking your doors adds an extra layer of security to your home, freezing your credit protects your financial identity from unauthorized access. You can always lift the freeze temporarily when you need to apply for credit.
- Avoid Being a Target of Theft: Most burglaries happen during the day when people are out, so it’s best to be mindful about posting vacation plans on social media. Share those amazing travel photos from your trip to Spain after you return home, so that you don’t advertise when your home is empty. Similarly, be cautious with your out-of-office messages; an automated response revealing that you're away can attract unwanted attention. Just as you wouldn’t leave a big note on your door announcing your absence, avoid broadcasting your unavailability online. Cybercriminals actively monitor social media and email notifications, using this information to pinpoint when you're most vulnerable.
- Stay Ahead of Future Threats: Digital privacy is constantly evolving, and you never know what might happen. Protect yourself by blocking third-party cookies, making your social media accounts private, and thinking twice before sharing anything online. Remember, even if you delete something, it might still be out there.
While you need to be proactive about protecting your information, it’s also good to know that there are regulations in place. In the U.S., we don’t have a single federal law governing PII; instead, there’s a mix of laws aimed at protecting your data:
- Federal Trade Commission Act (FTCA): Addresses deceptive practices in how companies collect and store PII.
- Health Insurance Portability and Accountability Act (HIPAA): Focuses on how personal health information is handled.
- Children’s Online Privacy Protection Act (COPPA): Sets rules for collecting data from kids under 13.
- Fair Credit Reporting Act: Regulates how credit agencies manage your data.
- Gramm-Leach-Bliley Act (GLBA): Governs data practices for financial institutions.
- Privacy Act of 1974: Controls how federal agencies handle personal information.
These laws are designed to keep companies accountable, but it’s up to you to stay informed and protect yourself. The less personal information you share, the safer you’ll be from potential threats.
In our digital world, every piece of information can be a double-edged sword. What might seem harmless could lead to serious consequences if it falls into the wrong hands. By being mindful about what you share, you can better safeguard your identity and financial security. In next week’s discussion, we will provide some instructions on how to protect yourself from the threats in this article. Until then, stay safe out there!