Personally Identifiable Information: What It Is and How to Protect It

Credit: Lasse Kristensen/

It used to be that the telephone book was one of the only ways to gather personal information, such as phone numbers or addresses, about other people.

Today, the Internet has opened up new avenues. Nearly every shred of a person's personal details is on the Internet in some form or another.

In the wrong hands, such information can be used to steal someone's money or identity. With so much information out there, it can be difficult to know what you should be keeping a close eye on.

What is personally identifiable information?

Personally identifiable information (PII) is any information about an individual that can be used directly, or in connection with other data, to identify, contact or locate that person. Such information can include medical, educational, financial, legal and employment records.

Because personally identifiable information is so valuable, federal and state laws have been enacted to protect it in the United States. The laws, which apply to businesses, schools, medical facilities and government institutions, limit the distribution and accessibility of PII.

Examples of personally identifiable information

Personally identifiable information can be anything that identifies an individual, such as a full name, an address, a home, office or mobile telephone number, an email address, a Social Security number or other form of national ID number, an Internet Protocol address or a fingerprint or other biometric data.

Other types of PII include an individual's birthday, age, criminal record, gender, race and educational history. Vehicle registration numbers, property title information, taxpayer and patient IDs and passport numbers are also examples.

Protecting personally identifiable information

An organization that doesn't protect the personally identifiable information of its employees, members or customers risks incurring a significant financial cost, as well as a blow to its reputation, in the event of a data breach.

Well-run organizations employ numerous security protocols to ensure that personally identifiable information is safe and secure at all times.

It is critical that all organizations, including businesses both small and large, make sure they are following all the legal requirements that state and federal governments have set forth.

Protecting PII involves a combination of encryption, threat protection, data-loss prevention and policy compliance.

When handling PII, organizations must set rules regarding access to the data, how the data is received, stored and transmitted, what information can be sent within the organization and what can be passed along to third parties.

Consumers worried about their privacy can check with each organization they are considering doing business with to ensure the proper privacy protocols are in place.

Tom's Guide Staff
