Personally Identifiable Information (PII) consists of key personal data which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records and more, including, but not limited to, an individual's photographic image, fingerprints, handwriting, retina scans, voice signature, facial geometry, taxpayer identification number, passport information and credit card numbers.
Personal data breaches are pretty bad stuff, right?
Did you hear?
The Australian Red Cross Blood Service recently apologized after 550,000 blood donors' personal information was mistakenly exposed online. The information exposed included the names, genders, email addresses, mailing addresses, phone numbers, and birthdates of people who donated blood between 2010 and 2016. Around 1.3 million records relating to the 550,000 individual blood donors were exposed online last month after the blood service's website partner Precedent published a backup database to a publicly-exposed web server.
The 1.74GB file, which contained records going back to 2010, involved personal data as well as sensitive medical information. The amount of information involved in the leak earned it the title of Australia's largest-ever data breach. The leak was made public on October 28, 2016, amid concerns that scammers were already using the incident to try to extract sensitive information.
How about this one?
The U.S. bank authority warned of a data breach that took 10,000 records. According to reports, a former staffer grabbed the files while leaving his job in late 2015. According to Engadget's coverage of the incident, the United States Office of the Comptroller of the Currency revealed that a worker took over 10,000 activity and staff records with him sometime in November 2015, shortly before he retired. The unnamed worker copied what is described as a "large number" of files to two thumb drives and, when asked about the data, could not locate the drives to return them.
Or this one?
As reported on October 31, 2016, a new report from Washington State’s Attorney General’s Office says nearly half a million residents were impacted by data breaches between July 2015 and July 2016. A new law went into effect last year that requires businesses and public agencies to report data breaches. In the first year under the new law, companies reported 39 incidents that impacted at least 450,000 Washington residents. The reports came from hotel chains, telecommunications companies, a school district, a shipping company and retail stores. The report says some cases were the result of targeted cyberattacks. In other cases, information was mistakenly lost or disclosed.
Personal Data Breaches
While it is best practice for organizations to limit the use, collection, and retention of PII to only what is absolutely required for business purposes, organizations often do not know exactly what information they store or where it is located, which makes it hard to manage that information effectively and ensure its protection. The danger for many enterprises is that they experience critical challenges in identifying, classifying and managing PII in an organized and protected way, and in leveraging a clear methodology to inventory information effectively.
As data breaches are unfortunately accepted these days as a casualty of modern business, the drive to protect PII has risen among today's enterprises, which want to protect brand reputations, market positioning and customer service quality. In fact, the biggest drivers behind spending increases for many businesses currently are technologies, strategies and practices to bolster brand protection, as well as to address issues related to compliance and regulations, particularly in industries such as the financial services market, life sciences market and insurance sectors.