(This is the first of two articles on personally identifiable information(PII).)
Steve had just received his credit report and noticed a bank loan taken out over a year ago in a town across the country. When calling the bank about the application, he found that the information used to take out the loan was completely correct–even data from his grade school and high school days, things he thought no one would know. How in the world did that happen?
What is PII?
Your personally identifiable information (PII)–name, sex, age, education, employment history, credit and banking records, insurance policies, physical characteristics, assets, and more – is a sensitive, intangible asset that can be gleaned from various sources:
– Public records
– Online or physical store purchases
– Webpage visits and ad clicks
– Social media and mobile app use
– Surveillance camera footage
– Movie or video watching
– Location of your mobile phone
– Surveys and contests
– Periodical subscriptions
– Loyalty card services
And other, less explicit data is collected (at which you could be amazed):
– Your likes and dislikes
– What your politics are
– What time you wake up
– Where you get your hair cut
– How fast you walk
– If you attend religious services
– What you respond to
– What you are doubtful about
– What worries you or excites you
– Your IQ
– Your habits
How is Consumer Data Used?
“Data brokers,” or “information brokers,” aggregate PII (and other data such as in the list above) in order to create profiles of individuals. Data brokers hold information on each of more than 200 million consumers around the world and sell these profiles to third parties such as marketers and advertisers, health insurance companies, even government entities. Consumers may find it difficult to choose how companies use their personal data or with the level of privacy they desire. And brokers generally don’t give users the right to access, edit, or correct their own data.
Data has become cheap in one sense, e.g. user data is available on the dark web for a small fee. But data has also become extremely valuable. It’s not pooled for user benefit. Social media platforms only exist because of advertising targeting users based on data profiles. In Europe, the General Data Protection Regulation (GDPR) contains rules on data privacy and describes how EU citizens must be allowed to edit or delete it, but the U.S. has yet to enact similar protections.
(Only recently in modern Western history have private citizens been subject to such an information machine. This is not a situation dissimilar to those in charge of China’s “social credit” system, where every consumer action is recorded, aggregated and used not only for financial reasons, but also for government surveillance purposes.)
Many users are not aware this information’s release when it happens, nor the rules that govern it:
– 91% of users believe consumers have lost control over how their data is collected and used.
– 80% of users who use Facebook or other social networking sites are concerned about how businesses or advertisers use their data.
– 49% of those same users are also concerned about governments using their data from social media sites.
Steve didn’t know how he lost control of his PII. Unfortunately, he is among the many consumers who have fallen victim to identity theft. Calling creditors and their own bank can help many people and an identity protection service may also serve as another step to better privacy.
For small and medium businesses and organizations, business data should be treated as one of the most valuable assets an organization has. Corporate spies and those out for personal financial gain or political advantage are among the possible threats to SMBs.
Next, we look at the importance of personal data and intellectual property to SMBs and how they can take measures to protect it.
Tech Kahunas know the needs of SMBs and organizations.
We’ll stay on top of the threats.
We’ll watch your data.
We’ll review your risks.
We’ve got years of this.