The modern world is one where information is a commodity that out-values silver, gold or diamonds by an extremely wide margin. The exchange of up-to-the-second information is an essential part of the financial industry and global economies by extension.
For businesses outside of finance, information is still a critical resource, whether that is breaking news, market trends, shifts in fashions or anything else that may change the playing field. One type of information that is universally essential to all customer-facing businesses, however, is PII, or Personally Identifiable Information.
What is PII?
PII is any kind of information that can be used to directly identify a person, ranging from their address to their social security number and all the way up to persons healthcare information. It includes many forms of communication at different levels of authority, such as someone’s e-mail address, their phone number or even their Twitter or Instagram handle.
As a rule, the more tied something is to other identification or other systems, the more authoritative it is as a source of information. For instance, Facebook accounts can be made en masse with different email addresses, whereas a bank account number can only be generated through an extensive process with multiple stages of verification.
PII is also the most protected kind of data in the world owing to the risks to an individual of their personal data being widely shared, like an address or credit card number. Most global regions and nations have their own data protection procedures in place, with each system regulating exactly how companies are expected to process, retain and gain consent for the use of PII.
Using PII in Business
There are two main issues with the use of PII for businesses, although they come from entirely different directions. The biggest concern is false data which can cause issues for any business and potential catastrophes for some.
Take, for example, an electronics retailer selling items on a payment plan basis. They may require an address, a credit card and a contact phone number from a customer as part of the transaction. Both the phone number and credit card would be relatively simple to fake, so companies often require active proof of residence such as energy bills in the customer’s name. The alternative would be risking a customer that leaves a fake address and vanishes with the product before all payments are made.
One common issue with online services is tied to IP addresses. Companies licensed to operate in a specific region often face issues linked to the use of VPNs provided by companies like TunnelBear, or proxy connections which can make any user appear to be from a completely different location from where they actually are. This is particularly an issue for streaming services like Netflix where they only have the right to show certain TV shows and movies in certain regions like the US or UK.
Another headache for companies is the creation of bots and non-human recipients of marketing materials. PII can potentially be used by companies for targeted adverts, however, ad companies will charge for set numbers of views per ad. IP detection tools need to be used to make sure the data being collected, as well as the people being targeted, are genuine humans. These tools include things like seons’s ip lookup guide for checking whether a certain IP address is known to be a proxy or has been previously linked to bot or fraudulent activity. The risk otherwise is throwing thousands into a marketing campaign only for your ad to either contain completely wrong data or be wasted on bots.
Related: Top reasons to use a VPN
The Rules of PII
Going back to the regulation mentioned previously, this forms the other main issue behind the use of PII for businesses. Data protection regulations can be found around the world in a lot of different forms, and while most follow the same basic principles, the tricky part is that the exact details are often widely different.
According to the most official source, the United Nations, around 59% of countries around the world have consumer data protection laws in place, however, with the exception of the shared GDPR laws of the EU, each set of legislation is unique and there is no international standard beyond that. In some countries, there isn’t even a unified national code in place; in the US, consumer data is mainly regulated by individual states.
This, of course, creates an issue of compliance for companies, especially those that operate internationally. For instance, some regions only require that the company is compliant in their own country of origin, whereas the EU requires any site that can be accessed from an EU country to be compliant with the GDPR. This has led many US-based sites, such as media and news networks, to block access to EU users and display an apology message rather than change their data collection processes.
The Advantages on Balance
The biggest advantage for businesses behind the collection of PII, where allowed, is for the purposes of targeted marketing. While compilations of general demographic data such as gender, age range, and other general details can be helpful to some extent, having precise information is many times more valuable. It is the main reason why, despite the well-known annoyance for users, websites almost universally request cookie permission on a first visit.
Given that such heavy restrictions exist on the use of PII for marketing purposes, however, many companies are currently reserving it for contract and legal purposes. Instead, many companies such as Amazon are relying on algorithms based on bulk data which are proving even more efficient at targeting customers. These algorithms are constantly being refined and trained with surprising results, and are sophisticated enough to, infamously, predict that a customer may be pregnant based purely on their buying habits.
So the final question is, where does PII sit today as a business tool? In short, it is best treated as a rare resource and one that must be handled with extreme care at that. While it can be incredibly valuable and provide a huge amount of opportunity for marketing, it also comes with extensive risks if mishandled. Whenever PII needs to be collected, it should be secured, verified and used only when absolutely necessary.
Also read: Cyber Terrorism: Nature Of The Threat And How To Counter It?
