What is Personally Identifiable Information (PII) and how do we go about protecting it? PII is any information that can be used to identify, contact, or locate someone: name, gender, birth date, social security number, address (home or email), phone number(s), and even an IP address. Other examples include: educational information, tax ID numbers, vehicle registration, patient ID numbers, passport numbers, property title information, and even a person’s criminal history. Because of the importance of these pieces of information, laws at both the federal and state levels in United States are in place to protect them, namely aimed at government institutions, businesses, schools, and medical facilities.
Protecting this extremely sensitive information is becoming more and more of an issue these days now that nearly every piece of personal information is available somewhere on the internet if you know where to look. Reputable organizations use multiple tools to protect their employees and customers from security breaches because such occurrences could not only potentially cost them dearly from a financial standpoint, but could also ruin a hard-earned reputation. Aside from that, those organizations must also follow those above-mentioned state and federal laws or face steep consequences. Internally, the organizations set up their own rules and regulations for accessing their data, how it is received, stored, and distributed. These regulations also determine what needs to stay within and what can be sent to third parties. Actually protecting personally identifiable information (PII) requires a combination of data-loss protection, encryption, policy compliance, and protecting against actual threats.
Anyone looking to do business with an organization should first do thorough research on its security protocols and practices to make sure their personal information will be as safe as possible.
For more information:
Guidance on the Protection of Personal Identifiable Information
