What is personal information or personal data? Examples and ways to protect it

What is personal information or personal data?

Personal information is any detail that can identify you or aspects of your life — it includes everything from your name and address to your favorite vacation spot. This information helps paint a picture of who you are, what you like, and what you do in your life.

Personal data refers to information that can directly or indirectly identify you. It covers a wide range of information, both digital and physical. Different organizations collect the personal data of their clients or users, and claim they do it to provide better services, improve user experience, or market their goods or services more effectively to each particular consumer.

Personal information is a more general term covering a broad range of information about an individual. In contrast, personal data is a more specific term commonly used in data protection regulations like the EU’s General Data Protection Regulation (GDPR). But there’s one more term you should know — it’s personally identifiable information (PII).

What is personally identifiable information?

PII is a subset of personal data. It specifically refers to information that can uniquely and directly identify an individual (the “identifiable natural person,” legally speaking), either on its own or when combined with other data. PII is more commonly used in the United States, particularly in legal, security, and privacy contexts.

Personal information, personal data, and PII examples

Some forms of personal information, personal data, and personally identifiable information overlap. For example, your full name, birthdate, home address, phone number, email address, and personal identification numbers (Social Security number, driver’s license number) fall under all three categories. Other forms are slightly more distinctive, but their distinctions are often nuanced and context dependent.

Personal information examples

Typically, personal information includes:

• Full name
• Date of birth
• Home address
• Phone number
• Email address
• Personal identification number
• Social media profile details
• Job title and employment details
• Employer name
• Marital status
• Family members’ names
• Physical characteristics
• Favorite vacation destinations

Personal data examples

Personal data includes data about you that can directly or indirectly identify you and can be monitored and stored. It also includes online identifiers and your digital footprint:

• Full name
• Date of birth
• Home address
• Phone number
• Email address
• Personal identification number
• Health records
• Financial transactions
• Browsing history
• IP addresses
• Some cookies
• Location data from your smartphone
• Purchase history
• Social media activity
• Survey responses
• Online account usernames
• App usage statistics
• Religious or philosophical beliefs

Personally identifiable information examples

PII includes the following forms of information that directly point to an identifiable natural person:

• Full name
• Date of birth
• Home address
• Phone number
• Email address
• Personal identification number
• Social Security number
• Passport number
• Credit card number
• Bank account number
• Tax identification numbers
• Personal phone number
• Personal email address
• Home and mailing address
• Employment details (employee ID, job title)
• Biometric information (fingerprints, facial features)
• Medical records

Examples of information not considered personal data

Not all information is considered personal data. For example, details that don’t point back to you, like anonymized data, survey results where your name isn’t attached, or statistics about website visits that don’t show who visited them aren’t personal data. Consider the general data social media platforms share, like the number of likes a post gets or the peak times users are active. This information doesn’t give any details about your identity and is not considered personal data.

Who can access my personal information?

Many entities, including businesses, government agencies, healthcare providers, and educational institutions, can access your personal information. Government agencies, like the Internal Revenue Service or the Department of Motor Vehicles in the US, collect your data primarily for legal and regulatory purposes, such as taxation, Social Security, or issuing licenses. They are legally obligated to gather and protect this information as part of their public service duties.

On the other hand, private companies and online businesses collect the information you share with them when you register for their services, make purchases, or interact with their platforms. While they use your data to improve their services, market their goods, or provide customer support, the law requires them to protect and handle your information transparently.

The importance of protecting personal information

It’s important to make your personal information protection a priority if you want to avoid privacy breaches that make your sensitive data available to unauthorized parties and result in identity theft and financial loss.

But what data is the most sensitive to you? Have you ever asked yourself what data you are the most worried about being made public? We asked our customers this question in our privacy exposure survey. We discovered they see their financial information as the most valuable and needing protection from unauthorized access.

It helps to use data protection tools such as encryption, VPNs, and secure browsers to reduce the likelihood of unauthorized access to your personal information. And, of course, don’t make it easy for online thieves to take advantage of you by oversharing on your social media accounts.

How does the law protect personal information?

Specific laws protect your privacy by setting strict rules for how organizations handle, store, and protect your personal, sensitive, and confidential information. For example, the guidelines set by the National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA) in the US, along with the General Data Protection Regulation (GDPR) in the EU, have strict rules to protect your personal information. These regulations ensure that all organizations and businesses that collect personal information, personal data, or personally identifiable information handle it carefully, keep it safe, and store it properly.

According to these laws, you, as the “data subject” (the person the data is about), have a right to access your data, correct any mistakes, and even ask the organization to delete it. Whether it’s GDPR, HIPAA, CCPA, or NIST guidelines, these laws ensure your personal information is collected, processed, and securely stored while giving you control over your data.

How do businesses protect personal data?

Businesses use various methods to protect their clients’ personal data, including encryption, secure servers, firewalls, and regular security audits. They also train employees on data privacy practices and have policies in place to handle data breaches.

If you’re unsure how a business handles your personal information, you should check its data protection policy or contact its customer service to find out. Suppose the handling of your data is not up to standard. In that case, you can ask the business to delete your data, or you can report the issue to the relevant data protection authorities.

How can I protect my personal information online?

To protect your personal information online, you should take some proactive steps and stay mindful of your online behavior:

• Use strong and complex passwords for different accounts and enable multi-factor authentication where possible.
• Be cautious about what personal information you share on social media.
• Read the data protection policies of the websites and services you’re considering signing up for to find out what personal data they collect and make sure they handle it properly. If they don’t, look for a different provider.
• Only use reliable websites for secure online shopping.
• Regularly update your software and use antivirus programs to protect against malware.

Another critical step in protecting your personal information is understanding what Google knows about you. Google collects a lot of data from your searches, emails, and even your location, which it can later use for targeted advertising and personalized services or share with third parties. To see and manage the collection of your data, check out your Google Account’s privacy settings. You can remove your personal information from Google by deleting your search history, clearing browsing data, and using tools like Google’s My Activity.

If you’re curious about what the internet knows about you, search your name and see what comes up. Services and tools, like Incogni, can help you delete yourself from the internet, reducing your online footprint and protecting your privacy.

FAQ

Where can I report a data breach of my personal information?

You can report data breaches to relevant authorities such as the US Federal Trade Commission (FTC) or your local data protection agency. For more guidance, visit our webpage on where to report cybercrime and find information relevant to your location.

But remember that not all breaches are a consequence of a cybercrime — sometimes, a poor configuration on the data holder’s end, a human error, or a system malfunction can lead to a data breach. If you’re unsure how a breach happened, consult with cybersecurity experts.

Is it safe to share personal information on social media?

Be cautious about sharing personal information on social media because bad actors can easily access it. Adjust your privacy settings to limit your posts’ viewers to the circle of people you trust, and avoid sharing sensitive personal information publicly.

Social media privacy problems are regularly in the news, highlighting how easily your details can fall into the wrong hands. Stay informed about platform updates and privacy policies for the services you use to protect your information better.

Where should I store my personal information securely?

You should store your personal information in encrypted digital storage, such as an encrypted cloud service, to ensure that only you and other authorized individuals can access your data. Protect your digital storage with strong passwords and use password managers to generate and store these passwords safely. Avoid keeping sensitive information in easily accessible or shared places, such as shared drives or unprotected folders on your computer.