Personally Identifiable Information (PII) Essay

Personally Identifiable Information (PII) refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. 1 PII can include but is not limited to; a full name, an address, a home, office or mobile telephone numbers, an email address, a social security number or other form of national ID number, an Internet Protocol address or a fingerprint or other biometric data . Non-PII can become PII whenever additional information is made available that when combined with existing information, could be used to identify an individual. Most people don’t give a second thought to the information they are asked to provide when using ecommerce sites or creating accounts on various sites such as Facebook and Twitter. What is the data you entered being used for? What happens to this information once you have entered it and completed your transaction with a business? How is this information stored and for how long? How is my information protected from theft? Will my information be sold to third parties? What are my rights should my personal data be lost or compromised? These are questions everyone should ask because your information in the wrong hands can be used to steal your money, steal your identity or both. According to the Privacy Rights Clearinghouse, from April 2005 to April 2012 there were 3,062 data breaches nationwide affecting more than 546,000,000 PII records . Businesses have an ethical and legal obligation to protect your PII. Not only will a breach and subsequent loss of data cost businesses money, it will also affect their reputations. When collecting and storing PII businesses must set policies on how the data is received, accessed, stored, transmitted and released to third parties. Protecting PII involves a combination of only collecting and storing data that is needed to complete the task or transaction at hand, using encryption to store and transmit data, data-loss prevention and policy training and compliance . Unfortunately there are not many standardized laws outside of the Health Insurance Portability and Accountability Act (HIPAA)2 exist that address the collection, storage and use of PII. There are even different standards among states when it comes to the notification of security breaches involving personal information. Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands each have different legislation dealing with notification of the theft of PII. Businesses have to ensure they are aware of the various Federal and State laws dealing with PII. They must enact corporate policies and train their employees in the collection, handling, processing, storage and transmission of PII. Individuals must be vigilant and read the privacy policies of companies they do business with on-line so they are aware of what can and will be done with their personal information.