Every day, we casually share documents - invoices, resumes, ID proofs, reports - without thinking twice.
But hidden inside most of these files is something far more sensitive than the document itself: your identity.
PII stands for Personally Identifiable Information. It is any data that can be used to identify a specific individual - either on its own or when combined with other information.
And here’s the problem: most data breaches and privacy leaks don’t happen because of hackers - they happen because someone shared a document they shouldn’t have.
What Counts as PII
Direct PII
This information identifies someone on its own:
- Full name
- Aadhaar number
- PAN card number
- Passport number
- Social Security Number (SSN)
- Date of birth
- Email address
- Phone number
- Home address
- Biometric data (fingerprints, face photos)
- Bank account number
- Credit or debit card number
- Driver's licence number
Indirect PII
This information can identify someone when combined with other data:
- IP address
- Device identifier
- GPS location
- Job title combined with employer
- Photograph
- Postcode
Sensitive PII
A subset of PII that carries higher risk:
- Medical and health information
- Financial account details
- Government-issued ID numbers
- Racial or ethnic origin
- Religious beliefs
- Sexual orientation
Why PII Matters in Documents
The problem with PII is not that it exists - it is that it appears in documents that were not designed to be shared publicly, and then gets shared anyway.
Common examples:
Shared invoices contain client names, addresses, and bank details.
Scanned ID documents contain Aadhaar numbers, PAN numbers, passport numbers, dates of birth, and photographs.
HR documents contain employee names, salaries, bank account numbers, and personal addresses.
Medical reports contain patient names, dates of birth, diagnoses, and insurance numbers.
Legal documents contain party names, addresses, and case-specific identifiers.
When these documents are shared - even internally within an organisation - the PII they contain is exposed to people who may not need access to it.
A Real-World Scenario
You share a simple PDF invoice with a vendor.
It includes:
- Your full name
- Address
- Bank details
The vendor forwards it internally. Someone downloads it. It sits in an email thread forever.
Nothing “malicious” happened - but your PII is now exposed far beyond its intended scope.
This is how most privacy leaks actually happen: not through attacks, but through everyday sharing.
Your Responsibility Around PII
If you handle documents containing other people's PII, you are responsible for limiting exposure - not just access. In practice, this means:
- Sharing redacted versions of documents instead of originals
- Stripping metadata from scanned documents before sharing
- Not forwarding documents containing PII unnecessarily
- Storing documents containing PII securely
A simple rule:
If someone does not absolutely need to see that information, they should not have access to it.
In many countries this is not just good practice - it is a legal requirement. GDPR in Europe, DPDP Act in India, CCPA in California, and HIPAA in the US all establish obligations around how PII must be handled.
Quick Checklist Before Sharing Any Document
Before you hit send, ask:
- Does this document contain names, IDs, or financial details?
- Can I remove or hide this information?
- Am I sharing more than necessary?
If the answer to any of these is yes, you should redact the document first.
How to Remove PII Before Sharing
The safest approach is to redact PII before sharing any document:
- Automatic detection - use a tool that identifies PII automatically using pattern matching and AI
- Manual review - check for any PII the automatic detection may have missed
- Export clean version - share only the redacted copy, never the original
StripPii automatically detects PII in PDFs, images, and documents on Mac and iPad - including Aadhaar, PAN, SSN, email addresses, phone numbers, credit card numbers, and more. Everything is processed on your device with no uploads required.
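The pattern-matching step described above can be sketched in a few lines. This is an added example, not StripPii's code: the patterns, labels and sample text are assumptions made here, and the Aadhaar, PAN and SSN patterns check format only, which is why the manual review step still matters.

```python
import re

def luhn_ok(number: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return 13 <= len(digits) <= 19 and total % 10 == 0

# (label, pattern, validator). Earlier entries win overlaps. Format checks only,
# except CARD, which must also pass the Luhn checksum.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("SSN", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
    ("AADHAAR", re.compile(r"\b[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}\b"), None),
    ("PAN", re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"), None),
]

def find_pii(text: str):
    """Return non-overlapping (start, end, label) spans, sorted by position."""
    spans = []
    for label, pattern, validator in PATTERNS:
        for m in pattern.finditer(text):
            if validator and not validator(m.group()):
                continue
            if any(m.start() < e and s < m.end() for s, e, _ in spans):
                continue  # already claimed by an earlier pattern
            spans.append((m.start(), m.end(), label))
    return sorted(spans)

def redact(text: str) -> str:
    """Replace each detected span with a [LABEL] placeholder."""
    out, pos = [], 0
    for start, end, label in find_pii(text):
        out += [text[pos:start], f"[{label}]"]
        pos = end
    return "".join(out) + text[pos:]

# Constructed sample invoice text; every value below is made up for this example.
SAMPLE = (
    "Bill to: priya@example.com, PAN ABCDE1234F, Aadhaar 2345 6789 0123\n"
    "Card 4111 1111 1111 1111, SSN 123-45-6789, Order ref 1234567890123456\n"
)

if __name__ == "__main__":
    print(redact(SAMPLE))
```

The order reference survives because it fails the Luhn check, while names and addresses are not caught by any pattern and would have to be removed in manual review.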
The Bottom Line
PII is everywhere - in invoices, reports, IDs, and everyday documents.
The risk is not in collecting it. The risk is in sharing it without thinking.
Before you share any document:
- Assume it contains sensitive data
- Minimise what you expose
- Redact what is not necessary
Because once PII is shared, you lose control over where it ends up.
StripPii automatically detects and redacts PII from documents on Mac and iPad. 100% offline. Download free from the Mac App Store.
