Personal data right now is a weapon — one that can be used against you. One that you have to constantly protect. Why? Because it can be employed to impersonate you. Personal data is as important as our genetic code. You don’t open a bank account with a drop of blood – or a DNA strand – you open it with an SSN and a phone number. From a practical POV, it’s harder and more important to protect your email address and your name – binary information – than your genetic code.
Learn how to protect personally identifiable information and the 3 main components of PII protection.
What is Personally Identifiable Information (PII)?
Personally identifiable information – PII – is any information that can be used on its own or with other data to identify, contact, or locate a single person. The abbreviation, PII, is mostly used in the United States. The concept of it has become extremely prevalent over the years due to information technology, and the internet — both making it easier for bad actors to access, collect and leverage PII against an individual.
The National Institute of Standards and Technology – NIST – includes the following PII as sensitive:
- Phone number
- Email address
- Social Security Number (SSN)
- Passport number
- Driver’s license
- Bank Account numbers
- Debit/Credit card numbers
The importance of data privacy is a hot topic in the world right now. With the increase in data breaches, it’s more pressing than ever to protect personal information -PII- and make sure that it doesn’t get into the wrong hands. PII can be exploited by criminals not only to steal information, but to impersonate a person, use it to aid in the planning of criminal acts, and even stalk certain individuals. Companies that are developing software need to take into account the importance of PII protection and make sure they have the right policies in place to do so.
These may contain encrypted data, only allowing access to authorized personnel, and limiting how long PII is stored on a device or server.
A manager of a credit card company once said:
“Our primary concern is the protection of our customer’s PII. We don’t want to see our customers’ information being leaked and distributed without their permission.”
This emphasizes how important it is to protect PII just in one industry – that same sentiment is mirrored across the board.
The importance of PII protection
In the modern world, data is a valuable commodity. It is used by businesses to make decisions and by individuals to shape their lives.
However, the process of acquiring and using data can be complicated. Not only complicated but highly sensitive. Storing and protecting data has become a critical issue for both companies as well as the government. Now more than ever most industries find themselves in the crosshair of the Federal government regarding their cybersecurity policies. There are many laws and standards that regulate how data can be used in different contexts — including privacy legislation in Canada, the UK’s Data Protection Act 1998, as well as international laws that affect data use, such as GDPR -General Data Protection Regulation -in Europe.
In the US, there are multiple Acts and bills in place that take into account what data can be stored, accessed, and used by companies — and the consequences of faulty systems.
How to protect PII?
We need to be aware of the different types of personally identifiable information and protect them accordingly. We should not forget that some data can be used to identify us, even if it doesn’t contain our name.
Personally identifiable information, or PII, is any data that can be used to identify a person. It can include anything from your birthday and zip code to your phone number or email address.
Nevertheless, it’s also critical to understand that some data is more important than others. For example, according to the NIST, your full name, home address, and even gender or date of birth are superfluous data points — traits that can be shared by many people and aren’t distinguishable. This type of data demands extra input, and additional valuable information, such as an SSN or a Driver’s license to be used.
The NIST promotes innovation in all industry standards, including data protection, and emphasizes the need of safeguarding distinguishable data – such as SSN, driver’s license, bank account numbers, passport numbers, etc – through the use of 3 key components.
Access to workplaces or departments, where PII is handled physically should be restricted. To protect PII a company must limit who has access to it.
Companies and agencies have to create rules and procedures for employees regarding the use of data.
Perhaps one of the most important aspects and tools of data protection right now —- Technology is the proverbial silver bullet when it comes to automatic and managing data. Technology, allows us to control core aspects of PII protection::
- Data availability.
- Data lifecycle management.
- Data recovery.
When it comes to protecting PII there are dozens of tools and innovations you can employ. Each covers and manages an essential aspect of data and its usage.
- Authentication and authorization.
- Data erasure.
- Endpoint protection.
- Disaster recovery.
- Storage with built-in data protection.
- DLP — Data Loss Prevention.
- Data discovery.
Protecting personally identifiable information — who is responsible?
The responsibility of PII protection should not be left to a single person. The company should have a dedicated team of individuals tasked with the protection and management of all their sensitive data — including PII.
To make sure that the company is compliant with the standards and protocols, they need to appoint a Data Protection Officer. This person needs to be in charge of everything related to PII protection: managing, protecting, and storing data. This person will identify vulnerabilities, and risk, appoint team members, and create a data protection policy — one with multiple layers and protocols, each reinforced with cutting-edge tools.