
Personally Identifiable Information Leakage Vulnerability

A personally identifiable information (PII) leakage vulnerability is one in which exposed information gives specific details about a specific individual, which in turn helps to distinguish that individual from everyone else. The vulnerability becomes critical when the information is used to track, identify or contact a particular individual. Examples of information used to pinpoint an individual are: address, name, phone number, an identifying number such as an Aadhaar number or PAN card details, gender, date of birth, email address, or a combination of these. Non-sensitive information about an individual, like name and gender, can be transferred in an insecure form without causing any harm to the individual, but sensitive information, like Aadhaar card details and PAN card number, must be transferred in a secure way, such as by encrypting the data, to prevent unwanted exposure of the data or harm to the individual. Organizations use PIIL (personally identifiable information leakage) to understand which information needs to be kept secure and which information does not need any extra security.

What kind of information can be regarded as personally identifiable information (PII):

The following are the categories of personally identifiable information:

Who is responsible to guard personally identifiable information (PII):

Safeguarding the personally identifiable information of users is the responsibility of the individual as well as of the organization that stores the individual's data. Generally, though, the organization makes sure to protect your data even if it is not meant to do so. The simple reason is that most consumers believe the organization is responsible for safeguarding their data, and if the organization fails to do so, it may face reputational damage and lose valuable customers, even if the organization or company is not really responsible. Therefore, organizations always make sure to protect the data of their customers. The rise in data breaches is raising the security standards of organizations day by day. As new technologies roll out, newer kinds of threats and attacks roll out as well. The following are the main kinds of data breaches:

How PII gets exposed:

Personally identifiable information leakage can occur in a variety of ways, making it difficult for data security protocols to prevent such leakage and to protect sensitive or confidential information. The following are the categories of threats:

Example of PII:

The below picture shows a live example of Personally Identifiable Information leakage.

As we can see, it is an e-commerce website that looks somewhat similar to Facebook. When one clicks on seller info, a pop-up is displayed on screen showing the city, PAN card number and email ID of the seller, which clearly leaks confidential information about that seller. The seller can now easily be targeted by misusing this information, which is available to every consumer of the website. We now understand the vulnerability behind this leakage.
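The seller-info leak described above, sketched as an added example (not code from the website or from this article): a handler that returns the stored record as-is, beside one that returns only allow-listed fields, plus a pattern check that can be run over outgoing responses. The record, field names, the choice of public fields and the function names are all assumptions made for illustration.

```python
import re

# Constructed seller record as a backend might store it (all values are fake).
SELLER_RECORD = {
    "seller_id": 1042,
    "display_name": "Sample Traders",
    "city": "Pune",
    "email": "owner@example.com",
    "pan": "ABCDE1234F",
    "rating": 4.6,
}

# Assumption: these are the only fields a buyer needs to see.
# Anything not listed here is dropped by default (allow-list, not deny-list).
PUBLIC_FIELDS = {"seller_id", "display_name", "rating"}

# Formats of the sensitive identifiers the article names.
PII_PATTERNS = {
    "pan": re.compile(r"\b[A-Z]{5}[0-9]{4}[A-Z]\b"),       # 5 letters, 4 digits, 1 letter
    "aadhaar": re.compile(r"\b\d{4}\s?\d{4}\s?\d{4}\b"),   # 12 digits, optional spaces
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

def seller_info_leaky(record):
    """Leaky form: the pop-up receives every stored field, PAN and email included."""
    return dict(record)

def seller_info_public(record):
    """Hardened form: only allow-listed fields ever leave the server."""
    return {k: v for k, v in record.items() if k in PUBLIC_FIELDS}

def find_pii(payload):
    """Return sorted (field, kind) pairs for values that match a PII pattern.

    This is a backstop for tests or response logging. It cannot see free-form
    PII such as the city, which is why the allow-list is the primary control.
    """
    hits = []
    for field, value in payload.items():
        for kind, pattern in PII_PATTERNS.items():
            if pattern.search(str(value)):
                hits.append((field, kind))
    return sorted(hits)

if __name__ == "__main__":
    print("leaky :", find_pii(seller_info_leaky(SELLER_RECORD)))
    print("public:", find_pii(seller_info_public(SELLER_RECORD)))
```

Running `find_pii` over real responses in an integration test makes a newly added field that carries a PAN, Aadhaar number or email fail the build instead of reaching every buyer.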

How to protect personally identifiable information (PII):

As discussed earlier regarding sensitive and non-sensitive data, it is natural to protect only the sensitive data from leakage. Organizations must apply proper safeguards to protect the confidentiality of PII based on the categories of PII and their confidentiality impact levels. The following are the measures that need to be taken:
