What does PII mean to you?

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

What does that mean to you? Think about how frequently you use your phone or tablet for shopping, researching, banking, social media, or just playing games. Would you want someone collecting personal information about you, such as your location, e-mail address, age, sex, or contact information? Most internet users realize that critical pieces of their personal information are being collected but don’t know the extent of how much and what it is being used for.

Researchers from MIT, Harvard, and Carnegie Mellon found that apps downloaded from Google Play or the Apple Store may be sharing personal information with third parties, with Android apps spying more than iOS apps. Of the 100 plus apps that were reviewed, 73% of Android apps shared personal information like email addresses, and 47% of iOS apps shared location information. The study found that Android apps were far more likely to share personally identifying information, such as one’s name, than iOS apps. Also, 3 out of 10 apps under the “Medical Health and Fitness” category share medically related search terms. In other words, if you were to search for “herpes”, that would now be something known about you. I think that’s a little scary, and most people are not willing to share their PII. Is it a little creepy? I definitely think so!

“What can I do about it?” you might ask. Simply put, not much, because you’ve consented to it. Companies are allowed to collect this information because of their privacy policy or terms and conditions agreement with you. Every company has them, but how many of us actually take the time to read them? Half of online Americans don’t know what a privacy policy is. Did you know that a privacy policy is a legal document that discloses how a customer’s data is managed and used, not how a company keeps all the information collected confidential?

The reality is that most users don’t read them, and, intuitively, when we encounter something that reads “privacy policy”, we believe that it’s something that is protecting our privacy, and that’s not always the case. As emerging technologies continue to advance, companies will continue to seek ways to collect our PII. Users will continue to reveal personal information as wearable devices, more apps, smart appliances, and connected cars become available. Just beware of the personal information that is being collected the next time you download an app or search the internet.

If you’re one of the billions of people who have downloaded the Facebook Messenger app, here is a list of some personal information the app is allowed to access.

  • Allows the app to change the state of network connectivity
  • Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.
  • Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.
  • Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.
  • Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
  • Allows the app to read your phone’s call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
  • Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals.
  • Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.
  • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
  • Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.

The chart below shows various ways internet users have tried to limit their PII from being observed online.

[Chart: ways internet users have tried to limit their PII from being observed online]