Abstract
We frequently discuss the importance of keeping PII—personally identifiable information—secure, but what does this include? What data qualifies as PII?
Here, we’re going to lock down on a definition (and you may be surprised by what this definition covers).
PII Varies, Depending on Who You Ask
Before PII can be protected effectively, you need to know what data can and should be classified as such. The thing is, it all depends on who you ask.
For instance, while the United States generally only identifies a few dozen identifiers in the legislation that is in place, other places have far more nebulous definitions of what constitutes personally identifiable information. The European Union, Brazil, China, and certain US states like California and Virginia all effectively count anything that can be used to identify an individual…even if the data only contributes to the identification. The General Data Protection Regulation sees race, political opinion or affiliation, religion, and sexual orientation as PII, but the California Consumer Privacy Act does not.
This all makes it challenging to not only define PII, but also to determine how it should be managed…and in response, some areas are staged to crack down on the information collection policies that companies utilize. Five states in the US are poised to hold companies more accountable regarding their data collection and use practices—and it appears that regulators are following suit. After hiring a moving and storage company that attempted to sell servers and hard drives but failing to dispose of about 15 million customers’ PII, Morgan Stanley Smith Barney was fined $35 million.
How to Avoid Fines Like These
First, you need to be sure that you’re abiding by all regulations that your area and industry dictate. Taking these considerations into account from the very beginning and shaping your data handling practices around them will make your compliance simpler to ensure.
Additionally, it is important that you test your protections regularly—both to keep data safe and to ensure that the data cannot be used to identify the individual.
It is also important that you protect your data and access to it through a variety of other safeguards, like encryption both in transit and while at rest, identity and access management, and role-based access control.
We can assist you in implementing all of the above, and more. Reach out to us at 888-748-2525 to learn more about what we can do.
ABOUT THE AUTHOR
Rafiq Masri
With over 25 years of experience in Information Technology, Rafiq is one of the most accomplished, versatile and certified engineer in the field. He has spent the past 2 ½ decades administering and supporting a wide range of clients and has helped position Network Management, Inc. as a leader in the IT Managed Services space.
Rafiq has built a reputation for designing, building and supporting top notch IT infrastructures to match the business objectives and goals of his clients.
Embracing the core values of integrity, innovation, and reliability, Rafiq has a very loyal client base with some customer relationships dating back 20+ years.
Rafiq holds a bachelor’s degree in Mechanical Engineering from the University of Michigan and has completed graduate programs in Software Engineering and Business at Harvard and George Mason University. Rafiq is a former founder and CEO of Automation, Inc. in Ann Arbor, Michigan as well as a valued speaker on entrepreneurship and technology at industry events such as ExpoTech and others.