What Is Personally Identifiable Information?
Personally Identifiable Information (PII) is information that can be used to identify an individual. In your business, you may deal with PII every day, and ultimately it’s your responsibility to keep it from falling into the wrong hands. Failure to do so can cause immense difficulties for clients and employees, and will almost certainly result in legal action or heavy fines being levied against you. You need to look no further than the numerous businesses fined for HIPAA violations for proof of this.
What Is Personally Identifiable Information?
PII includes anything that could conceivably be used to identify a specific individual. Some obvious examples are:
* Passport information
* Credit and debit cards
* Social Security Numbers
* Biometric information
* Usernames and passwords
* Personal phone numbers
This kind of information is considered sensitive PII as it would result in personal damage to an individual if it were to be leaked. There’s also another type of PII: non-sensitive personally identifiable information.
Non-Sensitive Personally Identifiable Information
This is information that may not directly identify a specific individual, but can be combined with sensitive information in order to steal an individual’s identity. Some types of non-sensitive PII include:
* First and last names
* Public phone numbers
* Sexual orientation
This is the kind of information that you could easily find in a phone book or a corporate directory.
How Should You Handle PII?
Sensitive PII should always be encrypted, even when you aren’t actively transmitting the information over a network. You should also have strict rules in place for how your employees handle devices containing this information. There are numerous cases of employees losing work laptops or phones and leaking the PII of dozens or even hundreds of people. The legal consequences for this type of carelessness — even if accidental — can be severe.
Non-sensitive PII, on the other hand, can be transmitted freely, as it typically won’t result in any kind of personal damage to an individual. That doesn’t mean you always should. It’s smart to be wary of who you are sharing information with, even if it isn’t sensitive by itself.
How Should You Dispose Of PII?
When disposing of information — even non-sensitive information — your goal should always be complete and total destruction. Old work computers and cell phones should be physically destroyed. Paper documents should be shredded thoroughly. There’s no reason to let anyone else get their hands on any type of PII.
Don’t assume that this information is safe just because you’ve deleted it or thrown it away. Some people will go to great lengths to steal valuable information. That includes dumpster diving outside of businesses, participating in elaborate phishing schemes, and stealing computers.
Don’t take any risks with the personally identifiable information you handle. The only way to absolutely guarantee that your data doesn’t fall into the wrong hands is NAID-certified data destruction. For more information on the best practices when handling personally identifiable information, don’t hesitate to contact us at AccuShred today.