This work addresses potentially occurring unintended flows of personally identifiable information (PII) within two fields of research, i.e., enterprise identity management and online social networks. For that, we investigate which pieces of PII can how often be gathered, correlated, or even be inferred by third parties that are not intended to get access to the specific pieces of PII. Furthermore, we introduce technical measures and concepts to avoid unintended flows of PII.