This week’s headline was “New LinkedIn Data Leak Leaves 700 Million Users Exposed.” Does this mean that LinkedIn was hacked? Actually, it wasn’t. The information, which represents over 90% of LinkedIn’s user base, was grabbed through LinkedIn’s own publicly accessible API. So what does it mean? It means that LinkedIn has made it really easy for people to obtain Personally Identifiable Information (PII) about its users, such as email addresses, full names, phone numbers, physical addresses and geolocation records.
Personally Identifiable Information (PII) is defined as any data that can be used to identify an individual person. PII could be a single piece of information or multiple pieces of information about a person, depending on the context. In general, however, one could say that PII could be any of the following: name, address, email, telephone number, date of birth, passport number, fingerprint, driver’s license number, credit/debit card number and Social Security number.
Why is PII so important and why is it significant that the PII data of so many LinkedIn users was accessible?
PII is important to marketing and political analysts because it helps them identify trends and formulate personas so they can directly market to them. The data that can be collected from social networking platforms like LinkedIn or Facebook is rich in PII, demographic and behavioral information that is highly valued by these analysts. Unfortunately, privacy is also highly valued by many of the users.
Many believe that users should have the right to privacy and that their data should not be shared or used without their permission. In fact, regulations like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are forcing companies to inform users about what their information is going to be used for and give them the ability to opt out of having their information used for particular purposes.
So what does this recent “exposure” of millions of LinkedIn users mean? It could mean that LinkedIn will have to pay fines similar to the fines Facebook had to pay for making user data available to companies like Cambridge Analytica. Whether they gave the information away or simply made it publicly available through their API is somewhat irrelevant.
This all comes down to the fact that we are all responsible for PII. We must all be aware of when we are opting to share our PII. If we are collecting PII for internal purposes from others, we need to be aware of where that PII is stored and how it is being used every step along the way. Government regulations are becoming more commonplace. Don’t wait until your data is compromised and you are forced to make changes. Be vigilant today and protect your user data.