Both the individual whose personally identifiable information (PII) was the subject of the misuse and the organization that maintained the PII may experience some degree of adverse effects. Depending on the type of information involved, an individual may suffer social, economic, or physical harm resulting in potential loss of life, loss of livelihood, or inappropriate physical detention. If the information lost is sufficient to be exploited by an identity thief, for example, the person may suffer from a loss of money, damage to credit, a compromise of medical records, threats, and/or harassment. The individual may also suffer tremendous losses of time and money to address the damage. Other potential harms which may result from the compromise of an individual's PII include embarrassment, improper denial of government benefits, blackmail, and discrimination.
Likewise, organizations may experience harm as a result of a loss of PII maintained by the organization. Harm may include administrative burden, remediation costs, financial losses, loss of public reputation and public trust, and legal liability.