How do we stop our personally identifiable data (PII) ending up on the dark web?

Well, i'd say It’s too late for that, just this last few months there have been high profile breaches affecting brands such as Qantas, Louis Vuitton and Paddy Power to name but a few. Millions of pieces of data, yours and mine affected. It is safe to say most of us have already had our PII compromised, whether through a high-profile breach, a careless vendor, our own mistakes or an insecure platform.

So the real question becomes how do we protect what happens next?

The Horse Has Bolted — So What Comes Next for Verification?

With billions of personal records already circulating on the dark web, we need to stop pretending we can "protect" PII in the traditional sense. The horse has well and truly bolted.

The question now is, how do we rebuild trust in a world where identity can be faked, manipulated, and traded in a matter of seconds?

The Future of Verification Isn’t More Passwords — It’s Smarter Protocols

We’re entering an era where static identifiers, like your date of birth, driver's licence, or even email addresses simply don’t cut it. The global shift must now move toward things like:

Cryptographic Standards

The move toward verifiable credentials and zero-knowledge proofs is accelerating. These technologies allow for data validation without exposure, reducing the risk surface significantly.

Biometric authentication

My personal favourite, devices already use biometrics, but projects like myGovID (Australia’s digital identity platform) are already exploring federated, privacy-conscious identity systems that use biometrics in combination with encrypted credentials.

Distributed ID verification

The concept of self-sovereign identity (SSI) is gaining global traction. Companies like Microsoft (Entra Verified ID) are leading the charge, enabling individuals to store and share verified credentials, like qualifications or employment history without relying on a centralised authority. This all means that identity verification can be established without sharing actual evidence that could be compromised.

It’s No Longer About Protection — It’s About Validation

The world needs a new trust framework, one that acknowledges breach as a reality, and shifts the conversation from who you are to what you can prove, securely, in real time.

This is no longer the job of the IT department. It’s a strategic imperative for boards, regulators, and businesses everywhere. 

Watch This Space

We’re standing at the edge of a fundamental shift in how we verify identity, manage consent, and protect access.

The breach era is becoming the verification era, by necessity!

Interesting times ahead.

#CybersecurityLeadership #PIIProtection #ZeroTrust #SecureByDesign

#AboveTheLineLeadership #BusinessResilience