Companies use identity data to recognize the same person on all devices and channels. Examples of identity data include user identifiers, email addresses, device identifiers, first and last names, phone number, email address, social media identifiers, loyalty identifiers, and more. The main use cases for identity data are identity resolution, data incorporation, and data enrichment. The abundance of technology and devices makes it increasingly difficult to identify consumers.
However, with customer identity data, you can easily identify your users and provide them with a seamless experience no matter what device they are on. Customer identity data includes the ID of the device or model connected to their profile. Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The National Institute of Standards and Technology's special publication 800-122 defines PII as any information about a person held by an agency, including (any information that can be used to distinguish or trace a person's identity, such as the name, social security number, date and place of birth, mother's maiden name, or biometric records); and (any other information that is linked or can be linked to a person, such as medical, educational information, financial and labor).
For example, a user's IP address is not classified as PII on its own, but is classified as linked PII. The concept of PII has become widespread as information technology and the Internet have facilitated the collection of PII, leading to a profitable market for the collection and resale of PII. Criminals can also exploit PII to stalk or steal a person's identity, or to help plan criminal acts. In response to these threats, many website privacy policies specifically address the collection of PII, and legislators such as the European Parliament have enacted a series of laws, such as the General Data Protection Regulation (GDPR), to limit the distribution and accessibility of PII.
What is Personally Identifiable Information?Significant confusion arises as to whether PII means information that is identifiable (that is, that can be associated with a person) or identifiable (that is, associated only with a person, in such a way that the PII identifies that person). In prescriptive data privacy regimes, such as HIPAA, the elements of PII have been specifically defined. In broader data protection regimes, such as the GDPR, personal data is defined in a non-prescriptive and principles-based way. Information that might not be considered personal information under HIPAA may be personal information for the purposes of the GDPR.
For this reason, PII is often out of use internationally. Information that can be used to distinguish or trace a person's identity, such as their name, social security number, biometric records etc., alone or when combined with other personal or identifying information that is linked or can be linked to a specific person such as the date and place of birth, mother's maiden name etc., any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one that can be identified directly or indirectly in particular by reference to an identifier such as a name identification number location data online identifier or to one or more factors specific to the physical physiological genetic mental economic cultural or social identity of that natural person. Combining a name with a context can also be considered PIP I; for example if a person's name is on a patient list for an HIV clinic. However the name does not need to be combined with a context for it to be PII.
The reason for this distinction is that some data such as names while not sufficient on their own to identify individuals can later be combined with other information to identify individuals and expose them to harm. When a person wishes to remain anonymous their descriptions often include several of the elements above such as a 34-year-old white male who works at Target. Keep in mind that information may remain private in the sense that a person may not want it to be publicly disclosed without being personally identifiable. In addition sometimes several pieces of data which are not sufficient on their own to unambiguously identify a person can uniquely identify a person when combined; this is one of the reasons why multiple pieces of evidence are usually presented in criminal trials.
It has been demonstrated that in 1990 87% of the United States population could be uniquely identified by gender zip code and full date of birth. It seems that this definition is significantly broader than the California example given above and therefore Australian privacy law may encompass a broader category of data and information than in some US laws. The term PII is not used in Australian privacy law. European data protection law does not use the concept of personally identifiable information but rather its scope is determined by a broader concept and not synonymous with personal data.
The twelve information privacy principles of the Privacy Act 1993 apply. The National Institute of Standards and Technology (NIST) is a physical science laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
Less Commonly Used Identifying InformationThe following are less commonly used to distinguish individual identity because they are traits that are shared by many people. However they are potentially personally identifying information since they can be combined with other personal information to identify a person: most important information such as your password date of birth identity documents or social security number can be used to log in to different websites (see Reusing passwords and account verification) to gather more information and access more content. A consumer identity graphic provides profiles of people households and mobile ad identifiers (MAIDs).The art of evaluating the quality of identity data involves the user using advanced mechanisms to determine the quality or accuracy of the data.
Based on these personal profiles marketers can design identity graphics that can help them better understand their customers.