Pii and Tmi, Giving the game away

Why you should be cautious about giving away too much personal information.

Following an earlier post about giving away privileged access to your information, I’d like to outline how you can unwittingly give away bundles of seemingly innocent information that could be used against you.

(For those of you wondering, Pii stands for Personally Identifiable Information and Tmi stands for Too Much Information)

Update – 17/08/2011

If you are of the opinion that the concerns laid out here are far-fetched, then consider this news article about a man who stole £35,000 from neighbours by befriending them on Facebook in order to gather information that he could use to circumvent their banking security.

Some information about you is confidential; stuff that is only accessible by privileged individuals for specific purposes.  This would be things like redacted criminal records (spent convictions or juvenile records for example), medical records or bank details.  A member of the public would not be able to read this information without breaking the law and would probably require extensive resources.  This information is (usually) considered to be sufficiently protected so we won’t worry about it here.
Some information about you is public knowledge; stuff that is readily accessible and probably known already to quite a few people.  This would be things like your name, date of birth and home address.  Some information about you is public record but not necessarily public knowledge; stuff that is publicly accessible but which may not necessarily be widely known.  This would be things like your parents’ names, middle or maiden names, previous addresses, employment record, education background and some criminal records.  If somebody wants this information and knows where to look, it is available to the public (sometimes for a nominal fee).
Some bits of this information are used for security purposes, usually to verify that you are you when logging on to a website or calling a telephone service.  The problem of course is that anyone can reasonably know this information so anybody with a little bit of effort could pretend to be you, reset a password or gain access to information that is otherwise not publicly available.  Unfortunately there is very little we can do about this.  If a service is only protected by this kind of information then consider if there are any reasonable alternatives.
If you’re particularly cautious then you could devise a false persona so that the answer you give to a question like “where were you born” is not the real answer.  These questions are only for security checks so giving a false answer is not fraud.  The problem with this is having to remember and protect far more than just a password.
Some services recognise this problem and instead of asking for public information they ask for personal information that is still relatively easy for you to remember; stuff that is not publicly known and is not by necessity written in any record.  This would be things like a favourite movie, holiday destination, childhood sweetheart or a pet’s name.
Unfortunately with the increasing popularity of social networking, we are being encouraged to share this personal information in places that are relatively public.  If you use Facebook you’ve probably seen the recent release of ‘Questions’ which is meant to help your friends know more about you.  You’re expected to answer questions like “what is your favourite book/movie/song/holiday” or “what would be your porn-star name?” and so we’re back to square one with the information that is used to verify your security becoming publicly available.
I’m not suggesting that we all stop sharing; it’s often useful and interesting to share with friends, and you might uncover a mutual appreciation for tacky 80s Sci-Fi or whatever.  What I am suggesting is that we spare some consideration for the answers we give, and whether there is really any benefit in sharing this or that.  Many of your friends probably already know your favourite film so there is no benefit in writing it in a public place.
TL;DR Think before you type!
Hope this helps 🙂

Image Attribution: Thanks to winnond @ FreeDigitalPhotos.net for the medical image.