Most people think they are fully aware of the nature of Personally Identifiable Information (PII), but many times the scope of PII is far greater - carrying far more damaging ramifications for individuals and businesses.
According to the United States Department of Labor (DOL), Personally Identifiable Information (PII) is defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. According to the DOL, PII can do the following:
- Directly identify an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.)
- Specify individuals in conjunction with other data elements, i.e., indirect identification. These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors.
- Permit the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.
What's more, DOL contractors are reminded that safeguarding sensitive information is a critical responsibility that must be taken seriously at all times. DOL internal policy specifies the following security policies for the protection of PII and other sensitive data:
- It is the responsibility of the individual user to protect data to which they have access. Users must adhere to the rules of behavior defined in applicable Systems Security Plans, DOL and agency guidance.
- DOL contractors having access to personal information shall respect the confidentiality of such information, and refrain from any conduct that would indicate a careless or negligent attitude toward such information. Contract employees also shall avoid office gossip and should not permit any unauthorized viewing of records contained in a DOL system of records. Only individuals who have a "need to know" in their official capacity shall have access to such systems of records.
Is your organization taking PII seriously?
The loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information.
Quite often, organizations do not do all they can to protect the PII of their employees - or their clients. The reality is, businesses today have an obligation to protect the sensitive data of their employees and customers.