Personally Identifiable Information (PII) — Why so important and how to protect it?
Recently, the Government of India brought in the DPDP (Digital Personal Data Protection) Act, and since then I have been reading a lot of articles explaining the meaning of this bill, its implications and other details. There has also been a lot of talk about the GDPR (General Data Protection Regulation), which was brought into force by the European Union in 2016. Today, “data protection” and “privacy” have become the focus of many organisations.
However, a major piece of knowledge still remains unknown to many: the importance of Personally Identifiable Information, hereafter referred to as PII. Especially in a hugely populated country like India, where a massive part of the economy is consumption and service-sector based, the end customer is the most important factor for any business. Customers’ data helps in growing the business and earning more money.
Have you ever thought about any of the points below? If not, then this article is for you and you should read till the end!
- Every Indian gets at least one spam call a day, for credit cards, loans, insurance, investments etc. Sometimes we make fun of the caller by responding in a mischievous manner, sometimes we get angry and scold the caller, and most of the time we cut the call.
- Most spam callers start by saying “Am I speaking to Mr./Mrs. …. ?”, “Do you want a flat in Pune, near ……. locality?”, “Do you want to buy insurance for your Suzuki two-wheeler?” and many more such questions.
- Have you ever thought that this information about you is sensitive and that a third party should not have it?
- The real answer is: 90% of us don’t care, simply because we do not know the importance of PII. We write our PAN number on a piece of paper and give it to an unknown person, type our credit card details into a WhatsApp chat to remember them easily, and follow many more such practices.
Therefore, it is important to know what to do and what not to do when it comes to PII.
Firstly, let us quickly understand what PII is all about. PII is any data that could possibly identify a specific individual. Any information that could be used to distinguish one individual from another is also considered PII.
The most sensitive details include Passport Number, Email Address, Phone Number, Aadhaar and PAN numbers, Bank Account and Credit Card Numbers, etc.
There is another type of PII that can become sensitive if paired with another identifier, for example Date of Birth, Medical Information, Mother’s name, Medical History, Criminal Records.
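The identifiers listed above have recognisable formats, so a message or document can be screened for them before it is stored or shared. The following Python code is an added example, not part of the original article; the format rules (PAN as five letters, four digits, one letter; Aadhaar as 12 digits; mobile numbers as 10 digits starting 6 to 9), the function names and the sample message are assumptions, and the Aadhaar match checks format only.

```python
import re

# Assumed formats (not from the article): PAN = 5 letters + 4 digits + 1 letter;
# card = 13-19 digits passing the Luhn checksum; Aadhaar = 12 digits, first 2-9,
# optionally grouped 4-4-4 (format only, checksum not verified);
# Indian mobile = 10 digits starting 6-9, optional +91 prefix.
PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("PAN", re.compile(r"\b[A-Z]{5}[0-9]{4}[A-Z]\b")),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("AADHAAR", re.compile(
        r"(?<!\d)(?<!\d[ -])[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}(?![ -]?\d)")),
    ("PHONE", re.compile(r"(?<!\d)(?:\+91[ -]?)?[6-9]\d{9}(?!\d)")),
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text: str):
    """Return (redacted_text, labels_found), applying patterns in order."""
    found = []
    for label, rx in PATTERNS:
        def mask(m, label=label):
            if label == "CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                return m.group()  # long number that is not a card: keep it
            found.append(label)
            return f"[{label} REDACTED]"
        text = rx.sub(mask, text)
    return text, found

# Constructed sample message. The PAN is the article's own example value;
# the card is a Luhn-valid test number; the rest is made up.
SAMPLE = ("Bob here. PAN IVYPK1234X, Aadhaar 2345 6789 0123, "
          "card 4111 1111 1111 1111, call +91 9876543210 or mail "
          "bob@example.com. Order 1234567890123456.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The 16-digit order number is left alone because it fails the card checksum, which is the difference between validating a candidate and matching on digit count alone.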
Why is PII so important for an individual?
The main reason for keeping your PII safe is identity theft or breach of integrity. If your PII is unsafe, it can directly affect the three main principles of Information Security (Confidentiality, Integrity and Availability). Let us see this with an example.
Bob is a businessman staying in India. His PAN card number is IVYPK1234X. Alice is a thief and she knows this data. She can now very well use it for malicious activities. You may think that a mere PAN card number cannot affect anyone. However, a PAN card number combined with Name, Phone Number, Address, Date of Birth etc. may lead to the creation of false accounts or documents in Bob’s name, financial losses, medical issues or much more.
Here, since Bob’s data is known and accessible to Alice without his consent, the confidentiality principle is breached. Similarly, Alice can easily modify and change Bob’s data, breaking the integrity principle. Furthermore, if the data is misused, Bob might not be able to access his accounts, which could lead to an availability breach. In this way, misuse of PII leads to an information security breach.
Today, most financial frauds in India happen due to the misuse of PII. We are all aware of UPI frauds and credit card frauds, but do we ever consider that before an innocent person submits the OTP to the hacker, or a technically unaware person gives his PIN to a thief, the victim has already been identified as a specific target and the hacker already has all of his/her information, which is nothing but PII?
Hence, to avoid such frauds and to keep yourself and your money safe, the importance of PII should be understood by everyone.
How to Protect PII?
OK, PII is important, understood! But how to protect it?
As an individual, you should:
- Keep the electronic as well as physical documents safe.
- Re-think before sharing anything on social media and avoid sharing confidential information.
- Be careful before giving out PII, and only provide it when required.
- Check how the organisation is protecting and processing the PII, whether it has a privacy policy, and whether it is taking consent from the user before collecting the data.
- Ask questions: How, Where, When, Why related to PII.
- Avoid making financial and sensitive transactions in a public place and using a public Wi-Fi.
I hope this article helps you understand the significance of your data and that you start protecting it, while also making others aware!
Do share this article if you think it can help someone understand the subject better! Also do suggest new topics and subjects that you would like to read about.
“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.” — Marlon Brando, Actor