Secure Solution for Personally Identifiable Information (PII) Data Handling
Securing PII is a critical component of many data privacy regulations as well as a valuable way to gain customer trust. See how SecureDrive Encrypted Storage Devices help keep PII protected within your organization.
Personally Identifiable Information (PII) Solution
Organizations of all sizes gather and transport Personally Identifiable Information (PII), inside database files, documents, marketing material, computer code and customer lists which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual, institution or a company.
What is PHII Personally Identifiable Information?
PII requires special handling because of the increased risk of harm to an individual, institution or a company if it is compromised. It is your responsibility to protect information that has been entrusted to you and your organization. An important part of this duty is to ensure that you properly collect, access, use, share, and dispose and secure PII in the office, while traveling or teleworking and on a portable electronic devices such as a tablets, smartphones, laptops, external hard drives or USB flash drives.
Defining a security policy which identifies the types of PII your organization collects, uses and shares will help minimize the chances of a costly data leak. PII can be information as routine as Name, Email, Address and Phone Number while some categories of PII are sensitive stand-alone data elements such as SSN, driver’s license or state identification number, passport number, or financial account number. Other data elements such as criminal record, medical information, ethnic, religious, sexual orientation, or lifestyle information, and account passwords, in conjunction with the identity of an individual (directly or indirectly inferred), are also Sensitive PII.
Implementing a robust security policy which minimizes or eliminates the proliferation of PII helps to keep your organization more secure and reduces the risk of a costly and embarrassing privacy incidents. Take the necessary steps to protect PII:
- Avoid creating unnecessary or duplicative collections of PII, such as duplicate, ancillary, “shadow,” or “under the radar” files.
- When printing, copying, or extracting PII from a larger dataset, limit the new data set to include only the specific data elements required.
- Delete or destroy any duplicate copies of PII as soon as they are no longer needed.
- Do not pack laptops or electronic storage devices in checked baggage or leave them in a vehicle for an extended period of time.
- Do not return failed data storage devices to vendors for warranty repair or replacement if the device was ever used to store PII. See the IT department for device sanitation.
- Educate the workforce to obtain authorization from their supervisors before removing any data (in either paper or electronic format) containing PII from the workplace unless correctly secured.
- Physically secure Sensitive PII when in transit. Do not mail or courier PII on CDs, DVDs, hard drives, USB flash drives, floppy disks, or other Removable media unless the data are encrypted.