
Personally Identifiable Information (PII)

What is Personally Identifiable Information (A.K.A. PII)?

PII is content that uniquely distinguishes one person from others.  This information is typically used to create or steal someone's identity.  Typical items in this category include, but are not limited to:  Name, Complete Social Security Number, Complete Date of Birth, Physical residence address, Driver's License, Phone Number of Residence, and all forms of Medical data (see HIPAA).

Why is this information sensitive?
PII can be used to create, alter, or steal a person's digital or physical identity.  Consider the information that you provide on a credit application and compare it to the information identified above.  Cyber criminals will often attempt to steal this information in order to create lines of credit or gain access to your existing ones.

What is the Risk?
Improper storage, handling, or loss of PII can result in both physical and financial risk to the individual.  Once someone's credit identity is stolen it can take months to resolve, but not before their credit is damaged, sometimes irreparably.  This information can also be used to stalk individuals either online or in the real world.  The law requires companies and government agencies that lose PII to report the theft to the impacted clients.  This can cause a loss of trust with those impacted individuals.


Protective Measures:


1.  If you must store PII, ensure you encrypt the data when not in use.  Consider using whole disk encryption such as TrueCrypt or Microsoft BitLocker as a solution.  If the data is stored in a database, encrypt the table contents to limit its reuse if stolen.

2.  Never transport or store PII on removable media unless it is encrypted!  These types of media are more difficult to account for and are easily lost or stolen.

Safety Tips:

1.  Do not store PII in the "Cloud" unless it is encrypted prior to storage (referred to as Pre-Internet Encryption).

2.  Never email PII unless the message is encrypted.  Email is sent across the internet in plain text, which can be intercepted and read by anyone who sits between the sender's and receiver's internet connections.
 
3.  If you do transport PII, make sure you keep track of what contents are taken, in case of loss; this eases the notification process.
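
A pre-send check for Safety Tip 2, as an added example that is not part of the original page: it scans an outgoing message for three of the PII types listed above (complete SSN, complete date of birth, phone number) and allows sending only if the message will be encrypted. The function names, the US-only patterns, and the sample message are assumptions constructed for illustration.

```python
import re

# Illustrative US-format patterns for PII types named on this page (assumptions).
PII_PATTERNS = {
    # Complete SSN only; rejects area 000/666/9xx, group 00, serial 0000.
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # A full date that is labelled as a date of birth.
    "date_of_birth": re.compile(
        r"\b(?:DOB|date of birth)\W{0,3}(\d{1,2}/\d{1,2}/\d{4})", re.I),
    "phone": re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"),
}

def mask(value):
    """Keep the last 4 characters so the findings log holds no complete PII."""
    return "*" * (len(value) - 4) + value[-4:]

def find_pii(text):
    """Return a list of (kind, masked_value) for every match in text."""
    hits = []
    for kind, pattern in PII_PATTERNS.items():
        for m in pattern.finditer(text):
            # Use the capture group when the pattern has one, else the match.
            hits.append((kind, mask(m.group(m.lastindex or 0))))
    return hits

def may_send(body, will_encrypt):
    """Tip 2 as policy: PII may leave only inside an encrypted message."""
    hits = find_pii(body)
    return (will_encrypt or not hits), hits

# Constructed sample message; every value is fictitious.
SAMPLE = (
    "Applicant: Jane Example\n"
    "SSN: 123-45-6789\n"
    "DOB: 04/12/1985\n"
    "Home phone: (555) 010-0199\n"
    "Card on file ends in 6789\n"
)

if __name__ == "__main__":
    allowed, findings = may_send(SAMPLE, will_encrypt=False)
    print("send allowed:", allowed)
    for kind, value in findings:
        print(f"  {kind}: {value}")
```

The masked findings can also be kept as the record Tip 3 asks for, showing what kinds of PII were sent without storing the values themselves.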

