technical August 09, 2016

Monitoring Individual and Bulk Personal Identifying Information

Individual PII

A PII record is an individual’s personal information placed under monitoring.

PII records contain full names, addresses, social security numbers, and other sensitive personal information. PII, simply put, is the sensitive information that could bring personal harm to someone, if exposed. The records are fingerprinted and compared against the billions of fingerprints that Matchlight’s crawler indexes every day. In the event that Matchlight locates a match for a customer’s record, the customer instantly receives an alert. Alerts contain a record identifier, the date and timestamp found, the URL of where the information was found, and which group of monitored records it exists in.

Use Cases:

  • Monitor the PII of a company’s CEO.
  • Monitor the PII of an employee whose company computer was recently breached.
  • Monitor the PII of a high-value customer.

How We Treat This Record Type:

Variant Generation: To ensure that Matchlight’s web crawler finds clients’ information, PII records are fingerprinted in multiple ways to account for common abbreviations, additions, and formatting changes online. For example, with a PII record containing the full name “John Q. Smith,” Matchlight will generate multiple fingerprints, arranging the name pieces in different ways and using different variations of the name. Using the above example, Matchlight would create fingerprints for Johnathon Smith, Smith John Q., Johnathan Q. Smith, and more. For addresses, Matchlight will generate fingerprints for shortened descriptions, such as “St.” for street, and “Ct.” for court, an.

Multi-field Matching: Because names can belong to other people, and addresses change ownership over time, Matchlight’s multi-field matching for PII records ensures that clients are only alerted when their information appears online, not someone else’s. For example, if a record exists for John Q. Smith, who lives at 123 Terbium Street, Baltimore, MD 21205, the client will not be alerted if Matchlight only detects a match for the name, or only the address. However, if some combination of the variant generations of the name and address appear online, the client is alerted. Social security numbers, phone numbers, and email addresses are generally unique, though, and will trigger individual alerts.

Bulk PII

A Bulk PII record is the personal information of a large group of people placed under monitoring.

Bulk PII records contain full names, addresses, social security numbers, and other sensitive personal information of many individuals. PII, simply put, is the sensitive information that could bring personal harm to someone, if exposed. This combined information composes a single, monitored record. The records are fingerprinted and compared against the billions of fingerprints that Matchlight’s crawler indexes every day. In the event that Matchlight locates a match for a client’s Bulk PII record, the customer instantly receives an alert. However, unlike an Individual PII record, Matchlight only alerts clients when either a large portion of or the entire fingerprint is detected online; Matchlight does not send alerts for Bulk PII records when only single individual’s information from the total record has been detected. Alerts contain a record identifier, the date and timestamp found, the URL of where the information was found, and which group of monitored records it exists in.

Use Cases:

  • Monitor the PII of all company employees.
  • Monitor the PII of customers whose credit card and bank information is also saved within the company.
  • Monitor the PII of a company’s investors.

How We Treat This Record Type:

Variant Generation: To ensure that Matchlight’s web crawler finds clients’ information, PII records are fingerprinted in multiple ways to account for common abbreviations, additions, and formatting changes online. For example, with a PII record containing the full name “John Q. Smith,” Matchlight will generate multiple fingerprints, arranging the name pieces in different ways and using different variations of the name. Using the above example, Matchlight would create fingerprints for Johnathon Smith, Smith John Q., Johnathan Q. Smith, and more. For addresses, Matchlight will generate fingerprints for shortened descriptions, such as “St.” for street, and “Ct.” for court, an.

Multi-field Matching: Because names can belong to other people, and addresses change ownership over time, Matchlight’s multi-field matching for PII records ensures that clients are only alerted when their information appears online, not someone else’s. For example, if a record exists for John Q. Smith, who lives at 123 Terbium Street, Baltimore, MD 21205, the client will not be alerted if Matchlight only detects a match for the name, or only the address. However, if some combination of the variant generations of the name and address appear online, the client is alerted. Social security numbers, phone numbers, and email addresses are generally unique, though, and will trigger individual alerts.