Class Actions and PII - Personally Identifiable Data

Class Actions and PII - Personally Identifiable Data

What is PII Personally Identifiable Information?

Photo Credit: Unsplash | Updated: September 15, 2024

Data Breach Class Action Settlements

You may have heard of some data breach class action settlements involving a range of topics from consumer products to data breaches. On this very website, you may have seen links to various class action settlement sites that ask for some personal information (name, date of purchase, purchased amount, receipts) in order to file a claim.

For instance: These data breach settlements and investigations involve some of the biggest companies in the United States leaking sensitive customer or consumer data.

Often you've faced online forms that seek to gather your personal information with the intent to benefit you, only to end up finding out that they're only doing this for their own benefit like data mining or marketing analytics. You'd be valid in your cynicism or skepticism. So how do you know what these lawyers and law firms are doing with your personal information?

Understanding Personally Identifiable Information (PII)

Personally Identifiable Information, commonly known as PII, refers to any data that can be used to identify a specific individual, either directly or indirectly. This concept encompasses a wide range of information, from obvious identifiers like names and Social Security numbers to more subtle data points that, when combined, can pinpoint a person's identity.

The Significance of PII

In our increasingly digital world, PII has become a critical concern for both individuals and organizations. The importance of PII stems from several factors:

Privacy Protection: As personal data becomes more valuable, safeguarding individual privacy has become paramount.
Legal Compliance: Many laws and regulations now require organizations to protect PII, with severe penalties for non-compliance.
Financial Implications: Data breaches involving PII can result in significant financial losses for both companies and affected individuals.
Reputation Management: Organizations that fail to protect PII may suffer severe reputational damage.

Types of Personally Identifiable Information (PII)

PII can be categorized into various groups:

Basic Identifiers: Name, date of birth, gender
Contact Details: Address, phone number, email
Professional Information: Employer, job title, work history
Government-Issued IDs: Passport number, driver's license, Social Security number
Health-Related Data: Medical records, biometric information
Digital Footprints: IP addresses, online usernames, browsing history

PII Exposure Risks

PII can be compromised through various means:

Internal Vulnerabilities: Employees or contractors may accidentally or intentionally mishandle sensitive data.
External Attacks: Cybercriminals may target organizations to steal valuable PII.
Technical Oversights: Improperly configured systems or software can inadvertently expose PII.

Protecting PII

To safeguard PII, organizations should:

• Implement robust data security measures
• Provide regular employee training on data handling
• Conduct frequent security audits
• Develop and enforce strict data protection policies
• Stay informed about evolving privacy laws and regulations

Why do I need to provide personal information when filling out a claim form?

The personal information you submit in your claim for is used by the lawyers representing class action members in a class action settlement to:

• Determine your eligibility and the validity of your claim,

• Compare, if necessary, against an existing database of information,

• Assess the proportionate claim amount you are entitled to.

Any information reviewed and stored by the class action administrators is maintained and accessed as per the stated privacy policies of the website. For instance, many class action law firms and their partners adhere to a well-established privacy policy standard known as the GDPR. Make sure to check the privacy policy section of any website you visit to ensure that you are aware of and comfortable with the way that your data is retained and used before you submit your information in any forms.

What is the Genetic Information Protection Act?

PII can also be considered your biometric or genetic information, according to certain interpretations of the Illinois GIPA laws. GIPA, or the Genetic Information Protection Act, is an Illinois law that seeks to protect genetic information of Illinoisians. The protection is provided for individuals' privacy and non-discrimination based on their "genetic" information, as defined by HIPAA.

Generally, the law does not allow employers to make decisions based on certain HIPAA defined "genetic" factors such as RNA, DNA, proteins, chromosomes, metabolites, mutations, or chromosomal changes. It also prohibits the release of some of this private information to anyone other than the person being genetically tested. This is similar to how personally identifiable information is protected.

Providing Accurate Information to Class Action Administrators

This should go without being said, but make sure that you fill out claim forms with information that is up-to-date and as correct as possible to your best knowledge. The information you provide should be current, and include valid email addresses and phone numbers with your claim submission. It is your responsibility to supply accurate contact information to the class action claims administrator for you to receive a payment. Some class administrators may confirm your email or cell phone number, or notify you of upcoming settlement payments.

Additionally, accurate contact information will ensure that any follow up from class action claims administrators reaches you using the contact information you provide. This may be a good method for you to contact claims administrators in the event that any of your pertinent information changes such as your home address.

How Concerned Should I Be About My Data?

As a rule of thumb, you can always err on the side of caution by doing your due diligence. Meaning, read the privacy policy pages of any website where you are submitting your personal data, and make sure to record where and when you have submitted any data that is deemed personally identifiable information or personally sensitive information.

How Do I Find Class Action Settlements?

Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:


Find Data Breach Settlements