Learn about how PII is defined in different settings.
- [Instructor] There are three categories of identifiers that we use to authenticate ourselves. They prove that we are who we say we are. Those categories are something we have, for example, a Social Security card, or driver's license; something we know, for example, a password or security code; and something we are or do, for example, our fingerprints or voice prints. Some identity elements are considered public directory information. The term comes from the assumption that certain information about an individual could be gathered from publicly available sources, from a telephone directory, for those who still remember using one.
Included here is information like name, address, telephone number, school, gender. Definitions of what is public directory information vary according to the context in which it is used. Those definitions can be broad, to my mind. Even elementary schools can legally release student details, like date and place of birth, as public directory information. Of course, online information consolidation sites, like Spokeo, Intelius, Zabasearch, are also excellent sources.
The collection and use of nonpublic information, or NPI, is increasingly regulated by law. The definition of NPI can be a bit opaque, however. The U.S. Department of the Treasury, for example, defines NPI as personally identifiable financial information that is not publicly available. Not very helpful. I suspect, however, that when the loan officer at my bank sent me copies of my loan documents as a password-protected attachment but included the password in plain text in the email, he was in violation of state and federal laws protecting my PII.
Also, the definition of NPI has changed over time. As I mentioned before, at least into the 1970s, it was common practice to have one's Social Security Number printed on a bank check. Today, we are advised to shred documents that contain our Social Security Number. The move to e-government services, making government services available online at any time to citizens, reveals some of these older practices, like writing down Social Security Numbers that were based on physical documents.
Scanning documents and making them readily available over the internet exposed the PII of citizens. Social Security Numbers were printed on marriage certificates, for example. Information that was previously only available by physically going to the clerk of records, signing out large volumes of collected documents, and reading them at the government location was now available to anyone, relatively anonymously, from anywhere. This was an unintended consequence that was addressed, but that was a learning moment for those of us trying to make government more citizen-friendly.
Some PII is considered unique to us. For example, our Social Security Number is a unique identifier that no one else can claim. Likewise, biometric identifiers, like fingerprints or DNA, are unique to us, although mistakes may be made in matching biometric identifiers correctly. Other PII is built from a set of identity elements, and so may be unique as a whole, but not unique in its parts. Here are some examples of identity elements that match when considered singly, but do not match when assembled.
My 6'8" son-in-law and my 5'3" niece were both born on the same day, but not the same year. My children have the same Social Security Numbers except for one number, lived at the same address for about 16 years, shared the same last name, even graduated from the same high school. Their birth dates, birth years, and given names are different, however.
In this lesson, we have discussed the three categories of credentials that are used to authenticate our identity. We mentioned that some detailed information may not identify a unique individual until combined with other detailed information. We have also discussed what is considered public directory information and nonpublic information, or NPI, and that the definition of what is NPI has changed over the years. Next, we will discuss different identity elements in the marketplace and their value.
This course was created and produced by Mentor Source, Inc. We are pleased to host this training in our library.
- What is PII?
- Formal and informal capture
- Why is PII protected?
- Legal and regulatory influences
- High-profile PII breach cases: Medical, financial, and educational
- Global differences in PII use
- Protecting PII as an individual
- Best practices for organizations to protect PII