Personally Identifiable Information - What is PII Data?
What is PII Data?
Personally Identifiable Information is simply personal information that can be used to identify any single individual. There are unique pieces of data that are attached to only one single person and are unique globally. Information such as Identification Numbers such as Social Security Numbers, passport numbers, driver's license numbers, TAX ID numbers, phone numbers, and more. Other information such as biometric data including fingerprints, facial geometry, and voice signatures are regarded as PII data. Whereas this PII data is identified as direct personal data, other pieces of data such as race, gender, date of birth, and geographical indicators are regarded as secondary, or indirect, identifiers but still fall under PII data.
How PII Data is Used
Businesses, organizations, and state departments require some of this data to ensure efficiency in their operations. For instance, an Ecommerce platform requires your home address, contact information, and even banking information to fulfill its mandate of selling you a product online. A cab-hailing service requires your contact information and payment details to operate as needed. All this data collected to uniquely identify individuals is known as personally identifiable information (PII) or simply known as PII data. When creating an account on a hotel booking service, you have to provide your PII data such as your name, passport number, banking information such as credit card number, and more, which will be used to identify you once you physically arrive at the hotel.
How CCPA and GDPR Protect PII Data
Users are often required to give their PII data to businesses and organizations. However, as we have seen in various cases, submitting personal information to Business A does not guarantee that only Business A will use it. The business might be in partnership with Business B, Business C, and Business D. Business A can freely give the data to the other business or can sell it to them.
California Consumer Privacy Act of 2018 (CCPA) allows California residents to have control over their personal data. General Data Protection Regulation (GDPR) provides guidelines on how businesses should process and store data collected from European Union (EU) residents. Both CCPA and GDPR require that businesses explicitly describe the data they collect, how they intend to use the data and any third parties that will have access to the data. Any business regardless of its geographical location in the world is bound by CCPA guidelines if it serves California residents and the GDPR laws if it serves EU residents.