Personally identifiable information, or PII, is any data that could potentially be used to identify a particular person. Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address. We often talk about PII in the context of data breaches and identity theft. If a company or organization suffers a data breach, a significant concern is what PII might be exposed—the personal data of the customers that do business or otherwise interact with the entity. Exposed PII can be sold on the dark web and used to commit identity theft, putting breach victims at risk.

Not all PII is equal in terms of importance or sensitivity. For instance, your Social Security number is yours alone. That makes it critically important to your identity. On the other hand, it’s possible—even likely in some cases—that other people have the same name as you. Consider how many Steve Smiths and Maria Garcias there must be. So, while your name is an important piece of PII, it’s secondary to your Social Security number. Often, identity thieves piece together a potential victim’s PII. Combine a name with a person’s email address—and the crook is getting somewhere. Add in race and hometown, and the thief is well on their way to identifying a victim. With this information and the Social Security number that goes with it, a thief could have all they need to commit identity theft. That’s why you don’t want to carry your Social Security card in your wallet—with all your secondary PII. Your lost wallet could be an identity thief’s dream come true.