There’s so much talk about Personal Identifying Information (PII) and how to protect it, but there’s also a lot of confusion about which information you should protect.

PII, typically refers to a specific set of data that tells someone a lot about you. This includes your name, address, phone number, birth date, Social Security number, email address, passwords or usernames.

First of all, it’s important to remember that all of the above mentioned PII are just examples and not a comprehensive list. It’s also not all-or-nothing, meaning a criminal doesn’t need all of that data in order to use it maliciously. If someone steals your name and email address but not your birth date, for example, that doesn’t mean there’s no threat of account takeover. Some states have written their data breach laws to reflect that a combination of pieces of PII could potentially trigger a notification law.

Your Social Security number has long been considered the “Holy Grail” of PII. With it, a thief can open new lines of credit, establish loans for cars or houses, open new utility accounts at a new address, and even apply for government benefits. Having more of your information is helpful when trying to use your SSN, but not having the SSN just makes it more difficult to steal your identity.

There has been some buzz lately that your cell phone number is just as useful as your Social Security number, but it’s important to point out the distinction. A thief cannot get a credit card in your name, apply for unemployment, or even open a new bank account just because they have your cell phone number. However, having your actual cell phone is a much bigger risk and can actually lead to account takeover or identity theft.

With so many data breaches and hacking events in recent years, it’s easy to adopt the false mindset that there’s nothing you can do to protect your PII, or worse, that there’s no point. Nothing could be further from the truth, though. Thinking that your identity has been exposed so it doesn’t matter where your data ends up is like saying, “Well, I’ve had the flu once, so I might as well catch tuberculosis.”

Here are a few easy things consumers can do to guard their PII:

1. Ask where your information will end up, and how it will be protected.

It might feel awkward, but when you’re filling out a form, you’re entitled to know who will be able to access this information, how it will be protected, how long it will be stored, and more. If you don’t get reassuring answers from the person receiving your document, think twice about filling it all in.

2. Just because they ask, doesn’t mean you have to provide.

A variety of forms still ask for invasive information like Social Security numbers. You’re not required to turn it over every time someone asks. You might be surprised to find out that the person asking doesn’t even know why they need it. There are a handful of legitimate uses for your SSN, but you’re allowed to hold back your PII until they can prove why they need it.

3. Be mindful of what you share, especially online.

Many people might not think about how their social media content can be pieced together, but your accounts can actually tell a lot about you. Your birth date might be listed in your profile, along with your maiden name. You might have posted a picture in front of your house with your street number clearly visible. You might have checked in at a business near your house or wished your child “Happy Birthday” online. Be aware that every piece of the identity puzzle could be sitting in plain sight for someone to gather.

4. The “old school” methods of stealing your data are still working.

Consumers used to be warned about destroying old checks or shredding credit card statements before discarding. In the digital age, it’s easy to think those things are less of a threat, but the truth is they are still every bit as viable as ever. Just because new methods of stealing your personal information have come along over the years, that doesn’t mean dumpster diving or stealing your mail won’t still happen.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

1 reply

Trackbacks & Pingbacks

  1. […] In order to understand why this can be so detrimental, consumers should first think about the login credentials, most commonly this is a username and password, they use on their online accounts. While the best practice is that consumers use different login credentials on each of their accounts, this often isn’t a reality. How many consumers use the same username and password for their Facebook account as they do for their online banking? Even those who may think they are being safe by using different passwords often only use one or two slight modifications, such as the addition of a punctuation mark or another number to their commonly used passwords. When this is the case, all that a cybercriminal has to do is get their hands on the login credentials for one account and they have the key to open many accounts, which may be far more dangerous than the initial account which was compromised. This is crucial for consumers to understand. It shows why each piece of personal information, even something as seemingly useless as the login credentials for an old Twitter account you no longer use can spell big trouble. This is why we stress that consumers need to protect all the components of their personal information because they all have value. Of course, don’t hand out your SSN as you would your email address. The best strategy is to continue to guard that information as incredibly sensitive as well as protecting other personal information. […]

Comments are closed.