US-Centric vs. International Personally Identifiable Information: A Comparison Using the UT CID Identity Ecosystem

Abstract

Personally Identifiable Information (PII) refers to any information that can be used to trace or identify an individual. A Javelin Strategy and Research Report stated that PII misuse and fraud hits record high with 15.4 million US victims in 2016, about 16% more than the previous year. A comprehensive analysis of PII attributes and their relationships is necessary to protect users from identity theft. However, identity theft and fraud are not just a US problem. According to a new report from Risk Based Security, in 2016, there were 4,149 confirmed breaches exposing more than 4.2 billion records globally. That is approximately 3.2 billion more records than were exposed in 2013, the previous all-time high. In this paper, we extend the mathematical representation and implementation model of the UT CID Identity Ecosystem representing PII attributes and relationships to incorporate international PII. Previously, the UT CID Identity Ecosystem model has been primarily populated using data about US theft and fraud cases to include PII attributes used to transact crime as well as accidental exposure of PII attributes. Statistics are also calculated and associated with respective PII attributes such as the frequency of exposure occurrences for respective PII attributes, monetization value of PII (i.e. financial consequences of the crime), and strength of relationships between PII attributes. This research describes how the content of the UT CID Identity Ecosystem and resulting analysis change when PII attributes from international identity theft and fraud cases are incorporated. Not only are the PII attributes different in an international UT CID Identity Ecosystem, the relationships between PII attributes change, the monetization value of PII attributes change, and the risk of exposure change when worldwide identity theft and fraud cases are considered.