Cyber criminals place a high value on personally identifiable information (“PII”) because it can be used to impersonate people in order to transfer money from people’s bank accounts, make online purchases using people’s credit cards, purchase automobiles, and even refinance other people’s houses while pocketing the proceeds.  PII is so valuable that it likely can be used in profitable ways we cannot even yet imagine.  Here is what you need to know to protect yourself.

What is PII?

The Department of Homeland Security defines PII as “any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual . . . [.]”  The California Consumer Privacy Act (“CCPA”) defines PII as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

Examples of PII generally include, but are not limited to, your full name, home address, phone number, e-mail address, social security number, driver's license number, vehicle registration number, credit card number, date of birth, and any other information that is linked or linkable to an individual.  Information that cannot be used to identify an individual and anonymous or anonymised data generally is not considered PII.

What Can You Do To Your Protect Yourself?

To adequately protect your PII, a multi-faceted approach is best.  Some of these recommendations are obvious, but even those are included because protecting your PII is so important.

(1)       Be Wary Who You Share Your PII With.

It goes without saying that you should be careful what businesses or other entities you share your PII with.  However, you should go one step further.  Proactively find out what PII legitimate businesses and entities you interact with retain, for how long, and also how the PII is protected, as well as with whom the PII is shared.  Otherwise, you cannot make educated decisions regarding protecting your PII.

(2)       Vary and Change Your Passwords Regularly and Make Your Security Questions Tricky and Varied.

If one of your accounts is hacked and one of your passwords is obtained, that password could be used to gain access to all of your other accounts that use that same password.  Moreover, change your password regularly based on the likelihood that it has already been compromised.  In addition, make your security questions tricky because cyber criminals may have already obtained some of your PII previously and found out easy to find personal information on you.  You should also vary your security questions in case one of your accounts has already been compromised.

(3)       Be Cautious What Links in E-mails You Click On.

Most computer systems are compromised because the user clicks on a link provided by hackers in a fake e-mail and not through a frontal attack.  If an e-mail looks suspicious, do not click on the link it contains and instead call the sender to verify the e-mail is genuine.  Hacking into your computer system via a malicious email or link provides hackers with a treasure trove of PII they can use to launch multiple additional attacks on you.

 (4)       Rarely Use Public Wi-Fi.

Public Wi-Fi provides little or no protection against hackers.  Hackers linger at airports, bus stations, public libraries, coffee shops, and other places that have public Wi-Fi, hacking into users and stealing PI on a mass scale.  Avoid public Wi-Fi unless you are using a virtual private network (“VPN”) or it is an absolute emergency.

(5)       Disassociate PII From Social Media Sites.

Friends should be the only people able to find you on social media sites.  Therefore, do not use your phone number or a well-known e-mail as logins for social media sites.  If you can be found on social media sites, seemingly meaningless information, such as a nickname or where you met your spouse, can be used to figure out your account passwords and answers to your security questions.  In addition, your social media sites should be as private as possible so that only friends can review any of the content.

(6)       If Affordable, Hire A Company to Monitor Your Online PII and/or Scrub it from the Internet.

Hiring companies to assist with protecting your PII can be extremely valuable if you are willing to bear the expense.  Companies cannot only monitor the internet and the dark web for the unauthorized use of your PII, but they can also alert you and companies of any fraudulent activity.  They can also scrub your PII from the internet.  For example, they can disassociate your PII from your phone number.  As a result, if someone knows your phone number from a recent phone call, they would not be able to find out your name or address from a reverse phone search because the company you hired scrubbed that connection.  Remember, if someone knows some of your PII, the chances of them obtaining more increases substantially.

Consult Applicable Laws.

It should be noted that each state that has enacted privacy laws defines PII in their own specific way.  In addition, privacy restrictions, breach notification requirements, and violation remedies will all be based on state law.  As such, if you are a consumer and your PII has been compromised, consult applicable state laws to determine whether your rights have been violated and whether you have a remedy.

By the same token, if you are a company whose records contain PII of consumers, you should consult the privacy statutes of each state (or trade unions if you do business overseas) you do business in.  Because privacy protection laws and related breach notification requirements are enforced, you should be careful to comply with them.

Daily news reports illustrate that the consequences of having your PII stolen range from lost identity to financial ruin.  Follow the steps contained in this article to help protect yourself and spread the word so we can provide a united front against cyber criminals.  Vigilance is our best defense.