Personally Identifiable Information
Personally Identifiable Information (PII), that’s the handy catch phrase for every bit of information you’ve ever posted electronically from your home computer or mobile device. When you’re online, you really are connected, but probably not in the way you expect or intend.
Information in the Public Record.
Some of your personal information may be a matter of public record, as contained in filed instruments with the county recorder’s office, for example. Although local governments are beginning to require redaction of PII on documents before recordation, once the information is released to the public there is little you can do to redact it. Eventually your public records information gets picked up by search engines like Google, Yahoo, and Bing, to name only a few.
The definition of PII varies, but at its most simplistic it is a combination of your name and any number you’ve been assigned by a financial institution (bank account, credit card number) or government entity (driver’s license, state ID, SSN, FEIN). Although we can easily describe what PII is, it has become a real battle to preserve personal information from being bought and sold without the subject individual’s knowledge and consent. The problem is getting worse, not better, and the onus on tracking your PII is being left to you against, seemingly, the world.
The Hunter Gatherers of Your PII.
Every activity and search you perform online or on your mobile device can be tracked and stored, and typically is. With every action, you provide information about your search habits, interests, and proclivities along with more and more of your private details. That’s the main reason why your PII, as pure information, is so very valuable to service providers and to the third parties they share your information with. It is also why there has been, and continues to be, such a legalistic battle over who owns compiled PII – you or the compiler.
When you use Bing online, for example, your searches are recorded, your search habits are stored, the location of your devices are saved, your apps and device features are noted. That information is bundled with your name, account numbers, and demographic information – whatever else is available about you. The report is then exchanged or sold as valuable information about what will get you, specifically, to buy whatever widget is being offered for sale.
The hunter gatherers of your PII are everywhere. They include Facebook, Google, Groupon, Verizon, retail store rewards cards, and every other entity that has offered up a thinly veiled privacy policy in exchange for your participation in their program or service. The service provider collects your information for its own reports, but then turns that information over to third parties in exchange for something of value, all the while you are being told that this sharing is to “better serve you.” What exactly do you get out of the sharing of your PII? Who suffers when your PII is leaked, hacked, or stolen?
Where Is Your PII Going?
Your PII is being collected and sold to third parties that use your information to tailor your future search results and control the advertisements you will see, among other things. Once your PII is bundled with your online habits, it has significant commercial value. We have privacy laws because it most definitely has value to you. But it also has value to the entity that collected it and to the organization that they shared it with – in other words, it’s an asset and you’re the only one who is not invited to participate in the benefits.
Assets are something owned and with ownership comes the right to exercise control. So with PII, the question becomes one of true ownership. When the information collected uniquely identifies you, is it not yours to control? There are a lot of problems associated with the collection, use, and protection of PII. Personally identifiable information is about you and from you, everything you order and purchase online, every movie and TV-series you stream, and every online game you play adds to your uniquely identifiable information. Mailing lists that are purchased by third parties through brokers fetch anywhere between five and five-hundred dollars per name. Your name may very well be on many of those lists.
What Can You Do to Protect Yourself?
The best advice we can give you is to be diligent in protecting your personal information even though it may be inconvenient from time to time. Never post PII on Facebook or any other social media network, as the availability of your personal information makes it vulnerable to interception. Always carefully review all privacy policy notices that you receive via email, as recently with Google, even though they may appear to be spam. Lastly, do not be afraid to restrict the use and sharing of your personal information.
