Since the dawn of direct marketing strategies, think for instance of mailed catalogues or the first telemarketing activities, personally identifiable information, more properly known as PII (Personally Identifiable Information), has been considered by brands and companies as the foundation on which to build their strategy.
For decades, marketers and advertisers have tried to reach and engage users with tools and tracking systems based on third-party cookies in order to personalise their browsing and purchasing experience.
But the context has evolved again, and in the face of the much announced cookie deprecation, those data and information useful to identify an individual and provided by the user himself, have taken on a new centrality.
We speak more generally of first and zero party data, of which personally identifiable information still represents a relevant segment.
But what data and information can be considered personally identifiable? Let us clarify.
Personally identifiable information: what data to consider and how to categorise it?
As partly anticipated, the term PII (Personally Identifiable Information) refers to all information that, when used alone or combined with other data, can clearly and unambiguously identify an individual.
This category therefore includes, for example, first name, surname, telephone number and email address, but also information relating to race, religious belief, or date of birth.
Particularly data such as first name, surname, email or telephone number, as can easily be deduced, allow the individual person to be identified directly, whereas other information can only be traced back to a specific individual if it is combined with the former.
Personal identification information can thus be distinguished between direct and indirect information. However, this distinction is not the only one that can be made: PII can also be further divided into sensitive and non-sensitive information.
Sensitive information is defined as any information that directly identifies an individual and can cause significant damage in the event of theft or loss. Examples are social security data, financial information, bank account numbers, credit card numbers.
On the other hand, data such as first name and surname, telephone number, date and place of birth, e-mail or postal address, race, religion, or data that in most cases are also present in publicly accessible documents and archives, are not sensitive.
However, it must be remembered that the difference between sensitive and non-sensitive information often also depends on the context of reference. Let us imagine, for instance, the case of a telephone number: it might be non-sensitive data if it is present and publicly accessible, but it could become so if it is included in a database relating to numbers used for two-factor authentication to access a restricted area of a website or an APP.
Personally identifiable information and privacy: at the heart of regulations
Personal data and privacy: a topic as complex as it is topical. For years, companies operating on a global scale created their own competitive advantage by adopting the same cross-country approach in their operating models and especially in their data management.
Today this is no longer possible: according to data released by McKinsey, more than 75% of the world’s countries have implemented data localisation regulations and obligations with significant implications for data governance, data architecture, and interactions with regulators.
Further complicating the picture is the very definition of personally identifiable information: not all countries observe the same standard levels of protection and the data to be protected are not always the same.
In this regard, let us recall the definition that the GDPR provides precisely with regard to the processing of personal data.
The GDPR defines personal data as ‘any information relating to an identified or identifiable natural person (referred to as a ‘data subject’); such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of that person’s physical, physiological, genetic, mental, economic, cultural or social identity’.
Generally speaking, the guidance provided by the GDPR therefore imposes rather strict control on organisations and companies with regard to PII, whether the information is deemed sensitive or not.
Information and personal data: paving the way for people-based marketing!
Data and personal information on the one hand, cookies and devices on the other: these are not two opposing worlds, although it can certainly be said that they refer to two slightly different marketing approaches: the data-driven approach and the increasingly popular people-based approach which, if you like, can be considered as an evolution of the former.
If the data-driven approach is mostly based on the analysis of big data, the people-based approach puts the customer relationship at the centre. While the former emphasises the collection and analysis of as much data as possible on the consumer, the latter focuses on an in-depth knowledge of the individual that also includes information and the collection of personal data.
A truly people-based marketing approach requires a holistic view of the customer. In this, Blendee offers the right tools, representing the first end-to-end solution that allows not only the entire customer journey to be monitored
but also the orchestration of the customer journey in an omnichannel perspective, but that’s not all: Blendee enables the creation of unified customer views that are complete and updated in real time, cross-device, cross-site and above all cookieless, thanks to effective identity resolution processes.