Directive Blogs
What Exactly is Personally Identifiable Information?
It’s incredibly important to keep your personally identifiable information secure, but what exactly constitutes PII? Today we offer a definition, along with strategies to help you keep your PII safe.
The Definition of PII Depends on Who You Ask
If you want to protect PII to the best of your ability, you first need to understand what it is, but the answer to this question is not exactly clear-cut.
The United States identifies a couple dozen identifiers in its legislation, but other countries define PII differently. The European Union, Brazil, China, and even various US states like California and Virginia each have their own ideas of what counts as PII. For example, the General Data Protection Regulation (GDPR) sees race, political opinion or affiliation, religion, and sexual orientation as PII, but the California Consumer Privacy Act does not.
With so many different factors and variables in play, it’s hard to define PII, which in turn makes it hard to protect. Five US states want to hold companies more accountable for failing to protect PII, and regulators are in the same boat. For example, Morgan Stanley Smith Barney failed to properly dispose of consumers’ PII on servers and drives that it wanted to sell following a big move, resulting in a $35 million fine.
Avoiding Fines for PII Security
First and foremost, you need to account for PII as it is defined for your industry. Take this definition into consideration right from the start so there is no room for error or confusion, and build it into your data handling and sharing practices immediately to ensure compliance.
Furthermore, you’ll have to test your protections to make sure that you are keeping your data as safe as possible. Be sure that the data, even if stolen, cannot be used to identify the individual.
To top it all off, implement solutions designed to protect your data on all levels, including encryption, identity and access management, and role-based permissions.
Directive can help to make sure that your business is protecting its personally identifiable information. All you have to do to get started is call us at 607.433.2200.