Last update: July 2020

5 mins to read - 2019/06/17

What Is PII (Personal Identifying Information)?

Between our desktops, our devices, and any other smart gadgets we use throughout the day, people are online constantly. And everything we do, post, buy, or browse leaves an internet trail mapping out our digital identities. The information we leave behind that can identify us – including our address, phone number, social security number, and more – is our Personal Identifying Information (PII).

And in the so-called “attention economy,” where our PII is in many ways our most valuable asset, making companies like Facebook and Google billions in ad revenue, it becomes crucial to make sure that our PII is in the right hands.

But what exactly is PII, and how can you ensure that your app stays compliant with local data regulations?

Linked PII and Linkable PII

PII is a term used solely in the United States, and has a strict definition. According to a memorandum from the Executive Office of the President, Office of Management and Budget (OMB), PII is:

“Information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.”

There are two types of PII: linked and linkable. Linked PII generally consists of identifiers, many of them numbers that an institution assigns to the individual:

  • Full name
  • Date of birth
  • Telephone number
  • Address
  • Social security number
  • Passport number
  • Driver’s license number
  • Credit card number

Linkable PII covers broader demographic background information that, combined with other pieces of PII, could help identify an individual: race, gender, age, job and workplace, and so on.

The EU uses the blanket term “personal data” to refer to a person’s identity in a more holistic sense, including any identification numbers, geo-location data, IP address, and any information that might point toward your physical, psychological, social, or cultural identity. This could mean any information about websites you’ve visited, articles you’ve clicked on, locations where other people have tagged you, or social media pages you’ve liked.

Our understanding of personal data has become much more sophisticated in recent years. And while you may be more worried about someone accessing your credit card number than, say, a list of political organizations you’ve donated to, numerous data breach scandals have shown that unscrupulous organizations can do unprecedented damage with even peripheral information.

What Is PII in the Context of European GDPR?

The EU’s General Data Protection Regulation (GDPR) legislation came into effect in 2018, protecting the personal data of all EU citizens. In this context, personal data is defined as:

“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

GDPR strengthens European citizens’ rights over their personal data, giving device users much more control and agency over how their personal data is handled, stored, and processed. Essentially, whoever handles an individual’s data must be upfront and transparent about:

  • treatment of processed data
  • recipients of that data
  • countries outside of the EU to which they will transfer that data

European citizens have the right to request access, restriction, and deletion of their own data. And they can object to usage of that data at any time.

In June 2018, California implemented a similar data privacy law, set to go into effect in 2020. Once it is implemented, it will be the strictest and most comprehensive data privacy regulation in the United States. Moreover, the US currently also has the HIPAA and COPPA regulations to oversee lawful and ethical management of data in the healthcare industry and for minors, respectively. However, outside of these two sectors, PII covers a narrow scope of data compared to its European counterpart.

PII and Data Breach Disasters

Everybody knows that companies utilize our data to target us with ads and personalized messages. This is one of the driving factors in composing a relevant, effective push notification (we’ll get into that more below). However, when companies manipulate or sell off data in a way that users haven’t explicitly given their consent to, that’s when scandals occur.

In fact, the infamous Cambridge Analytica scandal, in which the data analytics company trawled through Facebook users’ personal data to influence the 2016 election and the Brexit referendum, came to light barely two months before GDPR came into effect.

And as individuals have become more aware of what is happening to their data, more data breaches have been coming to light. For example, the popular video-sharing app TikTok suffered a data scandal in early 2019, when it was fined $5.7 million by the FTC for violations of COPPA. These included:

  • not enforcing their minimum age bar
  • collecting children’s data without parents’ consent
  • allowing geolocation and direct messaging of child users by adults on the platform

Ensure Your App Is Regulation-Compliant With OpenBack

Companies are scrambling to update their privacy clauses in light of crackdowns on data abuse. As such, the thought of staying compliant with different regional laws may seem overwhelming.

Staying connected and maintaining a positive rapport with your customers requires leveraging personal data to personalize push notifications. In fact, all mobile engagement platforms use customer data to target push notifications, but how can you be sure that you’re acting legally and ethically?

OpenBack makes this easy for you, because our unique platform avoids sending user data to external cloud servers and instead processes data entirely on the device. In addition to being more secure, this means that OpenBack is GDPR-, HIPAA-, and COPPA-compliant by default. With our SDK you can specifically select which data regulations you want to follow, depending on where you’re located. OpenBack also allows for immediate deletion of user data on request.

Learn more about what makes OpenBack’s push notification platform the most advanced in the world by checking out our product page.
