Personal Information and Cybersecurity Q&A

Information security is a primary concern of information technology department of all organizations and entities. Similarly, common people are also now becoming familiar with information security. In this post types of information, especially types of personal information are introduced in a question-and-answer format.

What is personal information?

Any attribute that is associated with you the person and that identifies you is your personal information. For examples, your given name and you family name are personal information.

Many people have my given name. How can it be personal?

Personal does not mean unique. Your given name is just one of the many personal information attributes to identify you. For example, many people have given name Mike and driver’s licenses of all Mikes bear their names, but deriver’s license has more information. When all those information attributes are linked together, each Mike’s identity on the driver’s license will be unique. Moreover, assigned number is unique.

Okay, what if Mike change his name to Tom?

Good question. Personal information can be divided into two categories, static and dynamic. Given name falls into the dynamic category of personal information. So, given name may change dynamically with time and intention.

What is static personal information?

Personal information that cannot change with time fall into the static category of personal information. For example, date of birth, parents, and place of birth, etc.

Is my family or last name static personal information?

Yes and no. The family name or last name is usually inherited. But, when a girl get married her family name may be changed to her husbands family name. Also, if a child is adopted, her/his family name may be changed to the adopted family’s family name.

What is dynamic personal information?

Any personal information that change with time. Most of the physical attributes of a person fall into the category of dynamic personal information. For example, many physical attributes such as age, weight, height, and facial appearance are considered dynamic personal information. Also, address of the person, and employer etc. are dynamic personal information.

What is private personal information?

Any personal information that is not required to be made available to others. The list of attributes that are associated with a person that are personal varies from country to country. For example, in USA medical records and academic records are private records and information in them are private personal information.

What is public personal information?

Any personal information that are available to others, such as government, are public personal information. For example, real property owner’s name is available to everyone and hence, is a public information. In USA, criminal records of a person is public personal information.

What is personally identifiable information (PII)?

Any information that can establish identity of a person uniquely is personally identifiable information (PII). For example in USA social security number is a PII. Similarly, passport of a person is considered to be a PII. However, it is important to understand that a PII is valid only in a given context. For example, ID number of a college student is a PII in the college s/he is enrolled.

How is PII is created?

Good question. A PII is created from a set of personal attributes or personal information. To get a social security number one must provide a minimum of 9 items: (a) First name (to be shown on card), (b) Last name (to be shown on card), (c) place of birth, (d) date of birth (e) citizenship, (f) ethnicity, (g) race, (h) sex, (i) parent/mother’s name at her birth. Other three optional items are: (j) parent/mother’s social security number, (k) parent/father’s name, (l) parent/father’s social security number.

Don’t some attributes used to create PII may change?

Yes, but change of attributes are very infrequent and any change to any attribute should be reported to the PII issuing authority. For example, change of address of a person should be changed to his driver’s license.

What is personally sensitive information (PSI)?

Any information of a person that can be exploited by a malicious actor to cause harm to the person, or to cause financial loss is personally sensitive information (PSI). For example, credit card information, banking information, education records, and health information are examples of PSI.

Many colleges have many of my PIIs and PSIs, because to complete my college application, I had to submit my high school transcripts, my SAT (Scholastic Aptitude Test) scores, and also FAFSA (Free Application for Federal Student Aid) to them. Will the colleges keep them out of reach of cyber-criminals?

Very interesting question. In your college application you have your (a) full name, (b) date of birth, (c) your social security number (a PII), (d) name of high school(s) you attended and attending, (e) SAT scores (a PSI), and (f) grade point average (a PSI). Also, you may have used a credit card to pay for the application fees and SAT score reporting fees. These colleges are expected to try to keep them safe. Institutions follow CIA triad for protecting PII and PSI.

What triad? CIA?

Yes, that is right. CIA triad. It stands for Confidentiality, Integrity, and Availability — not Central Intelligence Agency (of the United States of America).

That sounds complicated. Why managing PII and PSI are that complicated?

Managing PII and PSI are complicated, because the institutions want to keep your PII and PSI confidential to the outside world. But the colleges need your application folder available to the evaluators in the admission office. Moreover, they have to ensure that no one can change your applications and supporting documents, that is, their integrity must be preserved. You can see that they have three contradictory requirements. Meeting these contradictory requirements is a challenge.

How long will the colleges keep my PII and PSI?

A good question. There is no rule and it will depend on the college to decide.

Do all organizations follow CIA triad?

Yes, most organizations collect some PII and PSI for people within the organization, and people with whom they do business, and CIA triad is part of cybersecurity policy of information technology department of all major organization. Moreover, a set of protocols are put in place to ensure each component of the triad.

How information technology department (of an organization) know that their CIA triad policy is working?

Most organizations hire outside auditors to evaluate their CIA triads. Also, periodically internal cybersecurity committee evaluates the security protocols, including CIA triads.


Subscribe for free. We hate spam. Your email address will not be sold or shared with anyone else.


  • Susan Bennett

    April 24, 2018

    Hello, after visiting your web-site I wanted to let you know that we work with companies like yours to publish a custom-made marketing and promotional video, featuring your company online.

    The 90-second video below shows you what this custom-made video can do for your company:

    Click to watch the video

    And if you like, we’ll send you a free marketing report for your company.

    Thanks for your time.


    Susan Bennett
    Your Video Spokes
    860 1st Avenue
    King of Prussia PA, 19406

    If you received this commercial message in error I’m sorry. To stop any correspondence just visit:

    • CAP

      April 30, 2018

      Dear Susan,
      Thank you for visiting our website and the link to the video. We greatly appreciate it.


  • Karen Davis

    May 8, 2018

    I stumbled on this video and didn’t know if it would be helpful for

    Karen D

    617 Hampshire Rd, #346 Westlake Village, CA 91361

    If you received this commercial message by mistake, my apologies. To prevent any future messages please visit:

    • CAP

      May 8, 2018

      Thank you Karen.

  • Randy

    June 11, 2018


    My name is Randy and I was looking at a few different sites online and came across your site I must say – your website is very impressive. I found your website on the first page of the Search Engine.

    Have you noticed that 70 percent of visitors who leave your website will never return? In most cases, this means that 95 percent to 98 percent of your marketing efforts are going to waste, not to mention that you are losing more money in customer acquisition costs than you need to.

    As a business person, the time and money you put into your marketing efforts is extremely valuable. So why let it go to waste? Our users have seen staggering improvements in conversions with insane growths of 150 percent going upwards of 785 percent. Are you ready to unlock the highest conversion revenue from each of your website visitors?

    TalkWithLead is a widget which captures a website visitor’s Name, Email address and Phone Number and then calls you immediately, so that you can talk to the Lead exactly when they are live on your website — while they’re hot!

    Try the TalkWithLead Live Demo now to see exactly how it works. Visit:

    When targeting leads, speed is essential – there is a 100x decrease in Leads when a Lead is contacted within 30 minutes vs being contacted within 5 minutes.

    If you would like to talk to me about this service, please give me a call. We do offer a 30 days free trial.

    Thanks and Best Regards,


Leave a Reply