When it comes to protecting yourself and your company’s best interests, there are many forms of personal information to watch for. What exactly are these kinds of sensitive data, what is your relationship to them, and how does protecting them affect you and your business?
What Exactly is PII
If you’ve spent any time in the tech sphere or within the inner workings of just about any company, chances are you’ve come across the term “PII”. Simply stated, PII stands for Personally Identifiable Information, or essentially any personal data that can be used to identify someone.
Off the top of your head, you could probably guess that PII constitutes the more mundane personal names, emails, addresses, bank account numbers, or national IDs. However, it goes further than that, including information about a person’s religious views, sexual preferences, and medical information.
Source: Imperva
All Shapes and Sizes
In reality, PII can take many shapes. These include everything from personal data, protected data, sensitive data, and a few acronyms like PHI and the PCI DSS (Personal Health Information and Payment Card Industry Data Security Standard). And you’ll also need to be aware of the risks of mixing innocuous-looking pieces of data that can be used together to identify someone. Be sure to check out our article PII and Its Many Forms and take a deep dive into the world of PII and its various forms.
Your Personal Relationship to PII
Not all PII is created equal. Different countries legislate PII categories differently, but at its core, protecting PII is always about mitigating risk. For example, a name or an IP address, while personal or personally identifying, is commonly shared and holds relatively little risk should it fall into the wrong hands on its own.
A more severe breach would include a combination of identifiers, such as a phone number, full name, and an address. Or multiple names leaked in a single spreadsheet.
And finally, the highest level of risk is associated with identity theft and blackmail, leading to financial damage or job loss. Critical PII types include passwords, bank account information, and credit card numbers; social security and national IDs; information regarding health, political, and sexual orientation.
Source: PII Tools
Your Company’s Relationship to PII
For small and large companies alike, its breach incidents and nonconformity to regulations such as GDPR, HIPAA, and CCPA that cause major issues. As a business owner, your relationship with PII is an important one. Depending on the size of the company, your job is to ensure no PII lives in the wrong places (e.g., an employee’s passport number being sent by email, GDPR non-compliant information saved in your company files, etc.) and that it can’t be accessed without authorization.
According to recent studies by TrustArc and AIIM, 50% of businesses know little to nothing about GDPR compliance and only 20% believe they are compliant today! As you can imagine, this opens the door to many negative consequences. Not only are the people at risk whose information has been breached but the company could also suffer hefty fines and lose credibility.
Source: The Race to GDPR: A Study of Companies in the United States & Europe, Ponemon Institute, April 2018
Your Responsibility
No matter the size of your company, it’s your job to protect all the PII that comes your way. For smaller businesses with fewer clients and a handful of employees, becoming PII compliant could be as simple as moving some folders around, formalizing internal guidelines, or maybe holding a training day on the importance of GDPR compliance.
But what about the rest of us? What do medium to large companies do with their thousands of devices, millions of emails, and employees with various levels of system access all over the world? The answer: automation and strong software tooling.
An Auditor’s Best Friend
PII Tools is self-hosted data discovery software created with these issues in mind. The technology allows companies to quickly uncover all the PII they have living in non-compliant areas. The tool can be used by internal security teams, DPOs, or external auditors, to analyze this sensitive data by its severity and remediate any problems they run into.
You’ll also find that PII Tools come in handy should you suffer a breach incident. With their Breach Management feature, your auditor can react quickly to identify the affected data, generate detailed reports of their findings, and suggest actionable steps to help prevent data breaches in the future. No matter how prepared you are, it’s always best to have a plan B.
Source: PII Tools
PII in the Modern World
In today’s fast-paced, dynamic online environment, knowing what PII is, how to locate it, and protect it is more important than ever. We all keep hearing about the regulatory fines, but the real loss following a privacy breach is the loss of trust – the trust of business customers, users, of its business partners.
PII Tools is a great way to protect yourself, your employees, and your clients. This is exactly the data discovery software you want on your side for everyday use and to help mitigate any issues that may arise. When it comes to doing business in the 21st century, your company is only as good as its reputation – and that includes privacy compliance.
Hoping to Improve How Your Company Protects PII? Check Out How PII Tools Work!
