Personally identifiable information (PII) refers to any data that can be used to identify individual people. This includes obvious things such as names, addresses, and social security numbers. It also includes less obvious things such as IP addresses and account login credentials. PII can even include biometric data, such as fingerprints or faces.
Understanding the breadth and scope of PII is crucial for keeping it safe.
Types of PII
PII can be broadly categorized as basic or sensitive. Basic PII includes your:
- Name
- Date of birth
- Email address
- Phone number
- Physical address
Sensitive PII includes:
- Social security numbers or fiscal codes, which are key personal identifiers and a prime target for identity theft.
- Passport numbers, which identify people in official records and when they cross international borders.
- Driver’s license numbers, which are used as an everyday form of ID and are linked to driving records.
- Financial information such as credit card numbers, bank account details, and transaction histories.
- Medical records, which contain highly sensitive information about your past and present state of health.
How PII is collected
Companies collect PII online for use in delivering their services, authenticating users, and marketing. For example, an e-commerce website needs your physical address to ship your order. Collection methods include:
- Website forms:
  - Registration forms are used for creating accounts on websites. They collect names, email addresses, and passwords.
  - Contact forms are used to gather inquiries and feedback. They often ask for basic PII such as names and email addresses.
  - Subscription forms collect PII for subscribing to newsletters or marketing messages. They often require email addresses and other personal details.
- E-commerce transactions:
  - Online shopping checkouts collect names, addresses, payment information, and sometimes additional details such as phone numbers.
  - Payment processing systems manage sensitive data such as credit card numbers and billing addresses. They require a high standard of security.
- Social media:
  - Profile information can include extensive personal details including names, dates of birth, locations, and employment histories.
  - Content shared in posts and comments can reveal additional PII, especially photos or locations.
PII is also collected offline in various ways, and this data needs to be managed just as carefully:
- Paper forms:
  - Surveys are often used in market research and customer feedback, collecting names, addresses, and opinions.
  - Membership applications to clubs and organizations sometimes collect detailed personal information.
  - Warranty cards for product registrations collect PII such as names and contact details.
- Personal interactions:
  - In-person interviews gather comprehensive PII during job interviews, research interviews, or other face-to-face interactions.
  - Customer service interactions collect PII during service requests, complaints, or feedback sessions.
- Public records:
  - Voter registrations include names, addresses, and sometimes dates of birth.
  - Property records contain details of property ownership, including names and addresses.
Fraudulent collection of PII
Sometimes, PII is collected fraudulently with the intent to misuse it.
Phishing attacks trick their victims into handing over PII so that cybercriminals can use it to commit theft or fraud.
How to keep PII safe and secure
Your basic PII can be easy for other people to find. Until recently, most people’s names, addresses, and phone numbers were published in their local telephone directory.
By contrast, sensitive PII can be dangerous if it falls into the wrong hands. It must be handled carefully.
Organizations that collect PII must keep it secure. If PII is leaked or stolen, people can be exposed to the risk of identity theft or fraud. For example, the 2017 Equifax data breach exposed the sensitive PII of about 147 million people, including their social security numbers and dates of birth.
Protecting PII requires a proactive and multi-layered approach. Organizations must:
- Implement security measures such as encryption, multi-factor authentication, and regular security audits.
- Establish clear security protocols and ensure everyone understands and follows them.
- Train employees on best practices for handling data, how to spot and avoid phishing attacks, and so on.
Credential monitoring solutions like Cybercheck can help. By infiltrating criminal networks, Cybercheck’s analysts detect data breaches, compromised credentials, and leaked PII such as social security numbers, passport numbers, credit card numbers, and more.
If your PII has fallen into the wrong hands, Cybercheck alerts you immediately so you can defuse the threat, for example by prompting password changes or blocking credit cards and accounts.
Understanding and protecting PII is crucial
As the number of data breaches increases, understanding and protecting PII is crucial.
By taking a strategic approach to cyber security, you can protect yourself and your organization against identity theft and data breaches.