PII Problem, The: Privacy and a New Concept of Personally Identifiable Information

Privacy and Security, Networks, the Internet, and Cloud Computing and Internet

Article Snapshot


Paul M. Schwartz and Daniel J. Solove


New York University Law Review, Vol. 86, pg. 1814, 2011


Article discusses the ways that U.S. Internet privacy law should be reformed to better protect all parties involved.

Policy Relevance

Current Internet privacy laws that restrict sale and use of personally identifiable information (PII) are flawed because new methods have been created to circumvent these restrictions. However, the personally identifiable information system should be reformed, not discarded, in order to remedy the problem.

Main Points

  • Internet privacy laws exist to prevent companies who gather information from their consumers from selling that information without the consumers’ consent. To protect consumers, current privacy law restricts the collection and use of personally identifiable information, which consists of information that can be traced back to the consumer.
  • There are currently three competing definitions of PII used in privacy law:

    • The first defines PII as any information that identifies a person. This includes names, phone numbers, and anything else that can be directly linked to the user.
    • The second defines PII as non-public information. This definition protects information collected that is not usually in the public domain.
    • The last definition of PII lists specific types of information that are protected by privacy law.
  • The complexity arising from having multiple definitions of PII along with modern technology, which allows for much of what is currently considered non-PII information to be linked back to its user, suggests that a new system for privacy protection may be necessary.
  • While other articles have suggested doing away with PII completely, a more workable and plausible solution is to modify the PII system in order to have it better adapt to changing technology. This modified approach is called PII 2.0.
  • PII 2.0 separates personal information into two categories: information that identifies its user and information that could possibly be traced back to its user. Depending on which of these two categories information falls into will determine the different level of privacy protection that it will receive.
  • Tests of behavioral marketing to adults and food marketing to youth suggested that PII 2.0 provides better privacy protection on the Internet. However, additional tools, such as user education, are also necessary to fully protect Internet users’ private information.

Get The Article

Find the full article online

Search for Full Article