Stolen PII is frequently used to commit identity theft and fraud, and should be guarded carefully. Hackers and malware will search a compromised computer for any SSNs they can find. As a matter of good practice, you should never keep any unprotected PII on your workstation.

Companies may or may not be legally liable for the PII they hold. In New Zealand, the Privacy Act defines “personal information” as any piece of information that relates to a living, identifiable human being, including names, contact details, financial health, and purchase records. A data breach is an unauthorized access and retrieval of sensitive information by an individual, group, or software system.

For instance, HIPAA and PCI-DSS might require organizations to use SSL/TLS when transferring sensitive data and PII. The organization would then be required to encrypt any sensitive data in the database. However, you still need to define a set of strategies for internal access, backups, archives, and who within the organization can view PII. If users access PII remotely, they should be required to use a VPN and multifactor authentication. GDPR draws a line between companies with 250 employees and those with fewer. The checklist instructs organizations in the way they encrypt data at rest and data in motion.

Both are signs that someone has used your PII to steal your identity. However, the line between PII and other kinds of information is blurry. As stressed by the US General Services Administration, the “definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified”. PII is often referenced by US government agencies and non-governmental organizations. Yet the US lacks one overriding law about PII, so your understanding of PII may differ depending on your particular situation.

It’s important to distinguish between sensitive and non-sensitive PII because sensitive information is regulated by compliance standards and must be protected by several cybersecurity standards laid out by regulatory bodies. Highly sensitive data such as social security numbers and financial data requires extensive security to protect it from attacks. Personal Identifying Information is any type of data that can be used to identify someone, from their name and address to their phone number, passport information, and social security numbers. This information is frequently a target for identity thieves, especially over the Internet. For that reason, it is essential for companies and government agencies to keep their databases secure.

Sometimes they are also harder to identify when they are present, for example, in page URLs, page titles, or referrer URLs. So make sure you’re optimising your web analytics tools’ settings to ensure you’re asking your users for consent and respecting users’ privacy. May or may not cover all potential individual rights regarding data. Few people today are fully aware of how many traces of personal information they leave every day. Some of this information is generic or anonymous, but much more of it can imply or reveal identity than many people realize.
