technical August 09, 2016

The Individual PII Data Type

A PII record is an individual’s personal information placed under monitoring.

PII records contain full names, addresses, social security numbers, and other sensitive personal information. PII, simply put, is the sensitive information that could bring personal harm to someone, if exposed. The records are fingerprinted and compared against the billions of fingerprints that Matchlight’s crawler indexes every day. In the event that Matchlight locates a match for a customer’s record, the customer instantly receives an alert. Alerts contain a record identifier, the date and timestamp found, the URL of where the information was found, and which group of monitored records it exists in.

Use Cases:

  • Monitor the PII of a company’s CEO.
  • Monitor the PII of an employee whose company computer was recently breached.
  • Monitor the PII of a high-value customer.

How We Treat This Record Type:

Variant Generation: To ensure that Matchlight’s web crawler finds clients’ information, PII records are fingerprinted in multiple ways to account for common abbreviations, additions, and formatting changes online. For example, with a PII record containing the full name “John Q. Smith,” Matchlight will generate multiple fingerprints, arranging the name pieces in different ways and using different variations of the name. Using the above example, Matchlight would create fingerprints for Johnathon Smith, Smith John Q., Johnathan Q. Smith, and more. For addresses, Matchlight will generate fingerprints for shortened descriptions, such as “St.” for street, and “Ct.” for court.

Multi-field Matching: Because names can belong to other people, and addresses change ownership over time, Matchlight’s multi-field matching for PII records ensures that clients are only alerted when their information appears online, not someone else’s. For example, if a record exists for John Q. Smith, who lives at 123 Terbium Street, Baltimore, MD 21205, the client will not be alerted if Matchlight only detects a match for the name, or only the address. However, if some combination of the variant generations of the name and address appear online, the client is alerted. Social security numbers, phone numbers, and email addresses are generally unique, though, and will trigger individual alerts.