Personally Identifiable Information (PII) is any data that can be used to identify an individual, on its own or in combination with other data. Typically this refers to information such as name, address, Social Security number, date of birth, and similar details. PII comes in many forms and can be found in a number of locations online and offline, for example social media profiles, resumes, websites, business cards, telephone directories, and lead-generation websites. PII can be used for identity theft or other malicious purposes. The general rule for handling PII is: “If you don’t need it to perform your job duties or to help the company operate, discard it!” Every copy you do not keep is a copy that cannot be leaked. The sections below go into further detail about how you can prevent the exposure of PII both inside and outside of your organization.
What does it mean to be PCI DSS compliant?
A commonly asked question when discussing secure data practices is “What is PCI DSS?” PCI stands for “Payment Card Industry” and DSS for “Data Security Standard”. The standard is maintained by the PCI Security Standards Council, which was founded by the major card brands, and it applies to every organization that stores, processes, or transmits cardholder data. This includes businesses that accept cards in person as well as those that accept digital payments such as online payments. Compliance is validated by an assessment, performed either by an independent Qualified Security Assessor or, for lower transaction volumes, through a self-assessment questionnaire, and the result is reported to the acquiring bank or card brand. It is important to note what an assessment does and does not say. It states whether the organization met the PCI DSS requirements, for the systems in scope (the cardholder data environment), at the time of the assessment. It does not say that the organization as a whole is secure, nor that systems outside that scope, which is where most other PII usually lives, are protected. This is why it is important to look at how you implement secure data practices throughout your systems rather than treating the assessment as the goal.
Why is securing PII data important?
As stated above, Personally Identifiable Information is any data that can be used to identify an individual. The general rule is: if you do not need it, destroy it; if you do need it, encrypt it and limit who can read it. This applies to all PII an organization collects, processes, or stores, whether it concerns customers, employees, or other people. PII must be protected because it can be used to commit identity theft, a serious crime with lasting financial and emotional effects on the individuals involved, and one that also brings financial, legal, and reputational costs to the business that lost the data. Safeguarding PII is also a legal obligation. In the United States, examples include the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act for health information, and the Securities and Exchange Commission’s (SEC) Regulation S-P for customer information held by broker-dealers and investment advisers; other jurisdictions have their own privacy laws, such as the EU’s General Data Protection Regulation (GDPR).
How can we secure PII data?
There are many ways to protect PII, and some fit certain situations better than others. Data encryption is one of the most effective controls. Encryption scrambles the data so that only someone holding the correct decryption key can recover the original; the protection is therefore only as good as the key management, so keys must be stored separately from the data (ideally in a key management service or hardware security module) and access to the keys must itself be controlled. PII must be protected both at rest and in transit: when it is stored on a disk, database, backup, or mobile device it should be encrypted, and when it is sent over a network it should travel over an encrypted channel such as TLS. A second control is access control combined with auditing. Access control means each person and each system account can read only the PII its role requires (least privilege), and auditing means every read of a sensitive field is logged with who accessed what and when, so misuse can be detected and investigated. Encryption and access control are complementary rather than interchangeable: encryption at rest protects against stolen disks and leaked database dumps, but an application that holds the key will decrypt for anyone it lets in, so the access checks are what stand between a compromised account and the clear-text data. Finally, minimize what is exposed even to authorized users: show a masked value (for example the last four digits of a Social Security number) unless the full value is genuinely needed.
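The following Go program is an added example written for this article; it is not code from the original page. It shows the controls from the paragraph above working together on one hypothetical customer record: the Social Security number is encrypted at rest with AES-256-GCM from Go's standard library, the record ID is authenticated alongside the ciphertext so a blob copied into another row fails to decrypt, and a role allowlist (`canReadFull`, assumed here) decides whether a caller sees the full value or only the last four digits, with one audit line written per read. The record layout, the role names, and the sample SSN are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is a hypothetical customer row; only the SSN is sensitive and it is stored encrypted.
type Record struct {
	ID        string // authenticated as associated data so a ciphertext cannot be moved to another row
	SSNCipher []byte // nonce || AES-256-GCM ciphertext
}

// NewAEAD wraps a 32-byte key in AES-256-GCM. In production the key comes from a KMS or HSM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals plaintext under a fresh random nonce and binds it to recordID.
func EncryptField(aead cipher.AEAD, recordID, plaintext string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(plaintext), []byte(recordID)), nil
}

// DecryptField reverses EncryptField; it fails if ciphertext, nonce, record ID or key differ.
func DecryptField(aead cipher.AEAD, recordID string, blob []byte) (string, error) {
	ns := aead.NonceSize()
	if len(blob) < ns {
		return "", errors.New("ciphertext too short")
	}
	pt, err := aead.Open(nil, blob[:ns], blob[ns:], []byte(recordID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// MaskSSN is what most roles see: enough to confirm a caller's identity, not enough to steal it.
func MaskSSN(ssn string) string {
	if len(ssn) < 4 {
		return "***"
	}
	return "***-**-" + ssn[len(ssn)-4:]
}

// canReadFull is a hypothetical allowlist; every other role gets the masked value.
var canReadFull = map[string]bool{"fraud-analyst": true}

// ReadSSN enforces the allowlist and appends one audit line per access. The line records
// who, which record and what they were shown, never the value itself.
func ReadSSN(aead cipher.AEAD, rec Record, role string, audit *[]string) (string, error) {
	ssn, err := DecryptField(aead, rec.ID, rec.SSNCipher)
	if err != nil {
		*audit = append(*audit, fmt.Sprintf("role=%s record=%s field=ssn result=decrypt_error", role, rec.ID))
		return "", err
	}
	result, shown := "masked", MaskSSN(ssn)
	if canReadFull[role] {
		result, shown = "full", ssn
	}
	*audit = append(*audit, fmt.Sprintf("role=%s record=%s field=ssn result=%s", role, rec.ID, result))
	return shown, nil
}

func main() {
	key := make([]byte, 32)
	_, _ = rand.Read(key) // demo key only; crypto/rand never returns an error on Go 1.24+
	aead, err := NewAEAD(key)
	if err != nil {
		panic(err)
	}
	blob, err := EncryptField(aead, "cust-1", "123-45-6789") // constructed sample value
	if err != nil {
		panic(err)
	}
	rec := Record{ID: "cust-1", SSNCipher: blob}
	var audit []string
	v, _ := ReadSSN(aead, rec, "support", &audit)
	fmt.Println("support sees:", v)
	v, _ = ReadSSN(aead, rec, "fraud-analyst", &audit)
	fmt.Println("fraud-analyst sees:", v)
	_, err = DecryptField(aead, "cust-2", blob) // ciphertext copied to another row is rejected
	fmt.Println("swapped row:", err)
	fmt.Println("audit:", audit)
}
```

The key is generated in memory for the demo; in a real deployment it would come from a key management service and never sit in the same database as the ciphertext. The audit line deliberately records only the role, the record, and whether the value was shown in full, so the log itself never becomes another copy of the PII.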
Identity theft is a serious crime that affects large numbers of people every year, and securing PII is one of the best ways to prevent it. The main tools are data minimization, encryption at rest and in transit, least-privilege access controls, and auditing. Organizations that handle PII must follow strict security procedures and meet the laws that apply to the data they hold, and those that handle payment card data must additionally comply with PCI DSS.