Don’t Let Thieves Steal a Piece of Your PII

By Matt Cullina,

Of all the things you pray you never lose, I’ll bet your library card isn’t one of them. What’s the worst that could happen?

Last summer, a California woman found out – to the tune of $643. Someone used her card to check out books, and never brought them back. Since the woman didn’t cancel the missing library card, she got slapped with the lost-book fines.

Those missing books can teach us a powerful lesson: Our personally identifying information—or PII—is everywhere, and identity risks exist in situations (like a lost library card) that we’d never think twice about.

Most of us are good at safeguarding our Social Security, credit card, or driver’s license numbers. But few think about our name and address as assets worth protecting. And fewer still take the time to inventory the identity relationships we have with the companies, organizations, and individuals we entrust with our data.

So … if you don’t yet have one, here’s an idea for a New Year’s resolution: Create your own PII Chart&™ like the one above. See how your identity isn’t just a password here or a number there, but an entire picture of the identity relationships you’ve created. Once you visualize the slices of your PII, managing your identity assets becomes a lot easier.

• Create your PII Chart&™. By category, note every relationship you have with organizations that keep personally identifying information about you. Don’t stop with common slices of PII like employers, schools, doctors, creditors, banks, and email providers. Your identity lives in less obvious places, too – your Zappos.com, Facebook, and eBay accounts; frequent flier programs; homeowners associations; churches; volunteer organizations; hobby clubs; even with household helpers and, yes, libraries.

Your kids have PII Charts&™, too! Think daycare, pediatricians, schools, gaming and iTunes accounts, Little League associations, and summer camps.

• Separate the slices. Identity takeover happens when thieves breach one area and find their way into others. To block their path online, set up unique passwords for each PII category. For example, don’t use the same password to log into your Facebook account that you use for online banking. Dedicate a single credit card to online shopping, and don’t use it for anything else. Ditto for your child’s online gaming account (and NEVER link it to a debit card tied to your bank account).

Set limits on who-knows-what for each slice of your PII. For example, under “children’s activities,” do your kids’ pottery and karate teachers need their complete birth dates or will month and day do?

• . Trim the amount of data you keep out there to reduce risk.Delete unneeded data on your smartphone (including “forgotten password” reset messages). Purge old files from your laptop. And if your smartphone is still geotagging photos (sometimes a default setting), consider disabling the feature. Photos are part of your PII, too.

As the definition of identity evolves to include our online personas, photographic images, medical records, and more, we need to strike a better balance between convenience and vigilance. After all, can you think of a more important asset to protect than the very essence of who you are?

Matt Cullina, Chief Executive Officer,
Matt has 15 years of insurance industry management, claims and product development experience. He spearheaded MetLife Auto & Home Insurance Co.’s personal product development initiatives, managed complex claims litigation, and served as a corporate witness for Travelers Insurance and the Fireman’s Fund Insurance Co.