What is personally identifiable information (PII)? Meaning and examples

Personally identifiable information (PII) is any data tied to you that could reveal your identity. Read the article to discover why keeping your PII safe is important and how to protect it.


Aurelija Einorytė

March 26, 2025


What is personally identifiable information (PII)?

Personally identifiable information (PII) is information about an individual that can reveal their identity, such as their full name, Social Security number, or contact information. Any information that can distinguish one person from another is considered PII.

Direct identifiers, like passport or Social Security numbers, can identify individuals on their own. If one person gets hold of them, they could recognize exactly who another person is simply through these identifiers. Indirect identifiers, on the other hand, like an individual's birth date, ZIP code, or job, don't identify them directly. Still, paired with other sensitive data, they could reveal a person's identity.

Sensitive vs. nonsensitive PII

The difference between sensitive and nonsensitive PII is that sensitive PII reveals an individual's identity. In contrast, nonsensitive PII is just basic personal information that can't identify a person without additional context.

Sensitive PII

Sensitive PII is any personal information that, if exposed or misused, could cause serious problems for the individual. For example, if someone's Social Security number, bank account details, or credit card information gets into the wrong hands, it could enable criminals to make unauthorized purchases or take loans in the victim's name.

Sensitive PII includes a person’s:

  • Full name.
  • Social Security Number (SSN).
  • Passport number.
  • Driver's license number.
  • National ID number.
  • Taxpayer Identification Number (TIN).
  • Biometric records (fingerprints, facial recognition, retina scans).
  • Medical records and health information.
  • Financial account details (bank account number, debit card number, credit card details).
  • Personal phone number.
  • Home address.
  • Email address.
  • Personal signature.
  • Usernames, passwords, and security questions.
  • Private IP address.

Nonsensitive PII 

Nonsensitive PII is a type of data that might seem sensitive but is too broad or general to identify an individual without additional context. However, when paired with actual PII, nonsensitive PII can make profiling or tracking easier. For example, someone who knows only your city can't tell who you are. But if a malicious actor pairs your city with your date of birth and workplace, they can significantly narrow down who these details belong to or even identify you outright.

Here's a complete list of nonsensitive personally identifying information:

  • Date of birth.
  • Place of birth.
  • Gender.
  • Race or ethnicity.
  • City and country of residence.
  • ZIP code.
  • Marital status.
  • Education history.
  • Employment information.
  • Social media profiles.
  • Browsing history.
  • Purchase history.
  • MAC address or device identifier.
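The narrowing-down effect described above can be measured before a dataset is shared. The following added example (not part of the original article) counts how many records share each combination of indirect identifiers, a measure known as k-anonymity, and then coarsens the birth date as a mitigation; the records, field names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real people). Each row holds only the
# indirect identifiers the article mentions: city, workplace, date of birth.
RECORDS = [
    {"city": "Austin", "workplace": "Acme",   "birth_date": "1990-04-12"},
    {"city": "Austin", "workplace": "Acme",   "birth_date": "1990-09-30"},
    {"city": "Austin", "workplace": "Globex", "birth_date": "1985-01-05"},
    {"city": "Austin", "workplace": "Globex", "birth_date": "1985-07-19"},
    {"city": "Denver", "workplace": "Acme",   "birth_date": "1990-04-12"},
    {"city": "Denver", "workplace": "Acme",   "birth_date": "1990-09-30"},
    {"city": "Denver", "workplace": "Globex", "birth_date": "1985-01-05"},
    {"city": "Denver", "workplace": "Globex", "birth_date": "1985-07-19"},
]
ALL_FIELDS = ["city", "workplace", "birth_date"]


def group_sizes(records, fields):
    """Count how many records share each combination of values for `fields`."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def k_anonymity(records, fields):
    """Smallest group size: each person hides among at least k records."""
    return min(group_sizes(records, fields).values())


def singled_out(records, fields):
    """Records whose combination of `fields` is unique in the dataset."""
    sizes = group_sizes(records, fields)
    return [r for r in records if sizes[tuple(r[f] for f in fields)] == 1]


def coarsen_birth_date(records):
    """Mitigation: keep only the birth year before sharing the data."""
    return [{**r, "birth_date": r["birth_date"][:4]} for r in records]


if __name__ == "__main__":
    # No single field is unique, but combinations quickly become unique.
    for fields in (["city"], ["birth_date"], ["city", "birth_date"], ALL_FIELDS):
        print(fields, "-> k =", k_anonymity(RECORDS, fields))
    coarse = coarsen_birth_date(RECORDS)
    print("birth year only -> k =", k_anonymity(coarse, ALL_FIELDS))
```

A result of k = 1 means at least one record can be matched to a single person from those fields alone; coarsening or dropping a field raises k.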

What's the difference between personally identifiable information and personal data?

Personal data is a broader term than personally identifiable information. It includes any information related to an individual, including quasi-identifiers, which don't necessarily reveal an individual's identity. For example, online identifiers, such as IP addresses, browsing history, or device ID numbers, count as personal data but not personally identifiable information. The same goes for age, gender, or ethnicity: they are personal data but don't identify an individual without additional context.

What are the implications of exposed PII?

Things could go south quickly if a stranger gets their hands on your Social Security number or credit card details. They could pretend to be you, open accounts, take out loans, or commit fraud in your name. That could cost you a lot of money, wreck your credit score, or tarnish your reputation.

Now, imagine if your medical records get leaked — especially if they contain sensitive information about disabilities. Someone could use them to apply for disability benefits under your name or even use your medical insurance for their own benefit. And if a malicious actor gets your home address, they could try to rob you or put your physical safety at risk. 

Long story short, exposed PII can cause you stress and financial headaches. However, you can protect yourself. Knowing how your sensitive data gets leaked and how to protect it can save you a lot of trouble.

How does PII get exposed?

Some of the threats to your PII include:

  • Phishing scams. Phishing scams are among the most popular tactics hackers use to obtain PII. They send out emails or texts that look like they come from a legitimate source, such as your bank, but are designed to trick you into giving away your login details.
  • Weak passwords. Weak passwords make it easy for hackers to steal your PII, especially if you're using something like "password123" or reusing the same one across multiple accounts.
  • Public Wi-Fi. Free Wi-Fi at a cafe or an airport might seem convenient, but it is an easy way for hackers to intercept your data if you're not careful. 
  • Oversharing. Posting personal details like your birthday, location, or even travel plans can give bad actors the information they need to impersonate you.
  • Apps and websites. If an app or website you use suffers a data breach, your personal information might end up on the dark web without you even knowing.
  • Lost or stolen devices. If your phone or laptop isn't properly secured, whoever gets their hands on it might get access to your emails, banking apps, and private messages.

Global perspectives on PII

The definition of PII varies around the world. In the US, it refers to any data that could be used to trace an individual's identity, such as their full name, Social Security number, or biometrics, either on its own or when paired with additional personal details.

Meanwhile, in the EU, the General Data Protection Regulation (GDPR) takes PII a step further and includes quasi-identifiers, like gender, ethnicity, or online identifiers, in its description. It also enforces strict rules on collecting, storing, using, and sharing personal data.

Australia and Canada also have their own data protection laws (the Privacy Act 1988 and Personal Information Protection and Electronic Documents Act, respectively) that define PII as any information that, alone or combined with other relevant data, can identify an individual. These regulations also outline how businesses and organizations should handle customer data to keep it secure.

How to protect your personally identifiable information

Hackers steal PII to exploit your identity, blackmail you, hijack your accounts, or sell your data on the dark web. Sometimes, stolen sensitive data can be just a minor inconvenience, like having to reset passwords, but in the worst cases, PII theft can cost you money or even cause legal problems. So work as many of the following tips as possible into your cybersecurity routine to keep your personal information safe.

  • Strengthen your online security. Use strong, unique passwords for each account and never share them. Also, set up multi-factor authentication and update your software to protect your PII.
  • Be cautious when sharing your information. Avoid oversharing your details on social media and be mindful of which apps you allow to access your personal data.
  • Watch out for scams. Never click on suspicious links or attachments in emails from unknown senders. Be wary of social engineering scams where attackers pretend to be someone trustworthy to obtain your personal data.
  • Protect your devices. Use a reputable VPN to protect your PII, even on public Wi-Fi. It will encrypt your online traffic and make it hard for hackers to steal your identity.

How can NordProtect help protect your PII?

Besides the tips above, we've got you something extra to keep your PII safe — NordProtect, an all-around identity protection suite for US customers. It scans the dark web 24/7 to make sure your personal data isn't floating around in underground markets and monitors your credit for suspicious activity. 

And that's not all. NordProtect also offers identity theft recovery, cyber extortion protection, and online fraud coverage. In other words, it provides expert guidance and financial support if someone steals your identity. Our very simple but powerful feature is designed to elevate the protection of your PII.

Aurelija Einorytė

Identity theft is not a joke. That's why Aurelija creates clear and practical content to explain the ins and outs of the most common identity theft techniques and shares tips on how to stay safe online.