This invention features a method and system for protecting sensitive information from being disclosed and preventing unauthorized use of identity information by third parties. Virtual identifiers that identify an information holder whose sensitive information is involved in the process currently, are dynamically created by an entity called processing entity. The virtual identifiers are usually linked to a static identity of the information holder through a data management mechanism, such as a database system. A virtual identifier could serve for multiple functions. Usually, validity attributes that indicate when and for how long a virtual identifier is valid for the different functions, are associated with the virtual identifier. When an information holder interacts with a third party in a process that involves the information holder's sensitive information currently, the information holder uses a virtual identifier. Then, through a device connected to a network including wireless devices, telephone, a mail service, or direct human communication, the third party either passes along the virtual identifier to other parties or submits requests along with the virtual identifier to the processing entity which could map the virtual identifier to the static identity information and uses the static information to realize the requests.