What is PII?

PII stands for Personal Identifiable Information — data that can identify an individual, such as name, email, phone, IP address, or device identifiers.

What constitutes PII leakage?

PII leakage is when this data is exposed or accessible to unauthorized parties due to insecure storage, transmission, or processing (e.g., misconfigurations, breaches, or insecure logging).

What methods are used to evaluate privacy leakage?

Common methods include data flow analysis, threat modeling, privacy impact assessments, access control reviews, encryption/pseudonymization checks, and third-party risk assessments.

How can you mitigate PII leakage?

Mitigate by minimising data collection, encrypting data in transit and at rest, enforcing strict access controls, redacting or pseudonymizing data, securing logs, and conducting regular privacy audits.

What is data minimization and why is it important?

Data minimization means collecting only what is necessary and retaining it only as long as needed. It reduces exposure risk and simplifies data governance.