What is PII and How Does it Affect You?

Cole PrudenPersonally Identifiable Information, Self-Hosted Auditing Software, Sensitive Data Protection

When it comes to protecting yourself and your company’s best interests, there are many forms of personal information to watch for. What exactly are these kinds of sensitive data, what is your relationship to them, and how does protecting them affect you and your business?

What Exactly is PII

If you’ve spent any time in the tech sphere or within the inner workings of just about any company, chances are you’ve come across the term “PII”. Simply stated, PII stands for Personally Identifiable Information, or essentially any personal data that can be used to identify someone.

Off the top of your head, you could probably guess that PII constitutes the more mundane personal names, emails, addresses, bank account numbers, or national IDs. However, it goes further than that, including information about a person’s religious views, sexual preferences, and medical information.

Source: Imperva

All Shapes and Sizes

In reality, PII can take many shapes. These include everything from personal data, protected data, sensitive data, and a few acronyms like PHI and the PCI DSS (Personal Health Information and Payment Card Industry Data Security Standard). And you’ll also need to be aware of the risks of mixing innocuous-looking pieces of data that can be used together to identify someone. Be sure to check out our article PII and Its Many Forms and take a deep dive into the world of PII and its various forms.

Your Personal Relationship to PII

Not all PII is created equal. Different countries legislate PII categories differently, but at its core, protecting PII is always about mitigating risk. For example, a name or an IP address, while personal or personally identifying, is commonly shared and holds relatively little risk should it fall into the wrong hands on its own.

A more severe breach would include a combination of identifiers, such as a phone number, full name, and an address. Or multiple names leaked in a single spreadsheet.

And finally, the highest level of risk is associated with identity theft and blackmail, leading to financial damage or job loss. Critical PII types include passwords, bank account information, and credit card numbers; social security and national IDs; information regarding health, political, and sexual orientation.

Source: PII Tools

Your Company’s Relationship to PII

For small and large companies alike, its breach incidents and nonconformity to regulations such as GDPR, HIPAA, and CCPA that cause major issues. As a business owner, your relationship with PII is an important one. Depending on the size of the company, your job is to ensure no PII lives in the wrong places (e.g., an employee’s passport number being sent by email, GDPR non-compliant information saved in your company files, etc.) and that it can’t be accessed without authorization.

According to recent studies by TrustArc and AIIM, 50% of businesses know little to nothing about GDPR compliance and only 20% believe they are compliant today! As you can imagine, this opens the door to many negative consequences. Not only are the people at risk whose information has been breached but the company could also suffer hefty fines and lose credibility.

Your Responsibility

No matter the size of your company, it’s your job to protect all the PII that comes your way. For smaller businesses with fewer clients and a handful of employees, becoming PII compliant could be as simple as moving some folders around, formalizing internal guidelines, or maybe holding a training day on the importance of GDPR compliance.

But what about the rest of us? What do medium to large companies do with their thousands of devices, millions of emails, and employees with various levels of system access all over the world? The answer: automation and strong software tooling.

An Auditor’s Best Friend

PII Tools is self-hosted data discovery software created with these issues in mind. The technology allows companies to quickly uncover all the PII they have living in non-compliant areas. The tool can be used by internal security teams, DPOs, or external auditors, to analyze this sensitive data by its severity and remediate any problems they run into.

You’ll also find that PII Tools come in handy should you suffer a breach incident. With their Breach Management feature, your auditor can react quickly to identify the affected data, generate detailed reports of their findings, and suggest actionable steps to help prevent data breaches in the future. No matter how prepared you are, it’s always best to have a plan B.

Source: PII Tools

PII in the Modern World

In today’s fast-paced, dynamic online environment, knowing what PII is, how to locate it, and protect it is more important than ever. We all keep hearing about the regulatory fines, but the real loss following a privacy breach is the loss of trust – the trust of business customers, users, of its business partners.

PII Tools is a great way to protect yourself, your employees, and your clients. This is exactly the data discovery software you want on your side for everyday use and to help mitigate any issues that may arise. When it comes to doing business in the 21st century, your company is only as good as its reputation – and that includes privacy compliance.

Hoping to Improve How Your Company Protects PII? Check Out How PII Tools Work!