4 Ways to Protect Your Personally Identifiable Information (PII) in the Digital World
What is PII?
December 17, 2019
“Personally Identifiable Information; Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.”
Thanks to the rapid expansion of technology we have never been more connected as a society. Likewise, we’ve never been more vulnerable. Sometimes it feels like we are giving away vital information with every keystroke and to some degree that’s true. Websites track everything from the time you hover over an ad to the time between clicks. All of this information is aggregated to (hopefully) deliver a better user experience. Luckily, most of the data a user gives away online can’t be used to identify that particular person. The exception is Personally Identifiable Information, also known as PII. PII includes information that can be used to personally identify you. This information is unique to you and when it falls into the wrong hands it can be used to open bank accounts, purchase goods/services, steal your identity, or hold your accounts hostage. Schemes to collect and exploit this highly lucrative data are growing more sophisticated every day, but the battle isn’t lost. Protecting PII requires some forethought and the development of safe data handling habits but it’s worth the effort.
Some examples of PII:
- Full Name
- Date of Birth & Age
- Home Address
- Telephone Number
- Email Address
- Social Security Number
- Passport or Driver’s License Number
- Credit Card Numbers
- Medical Records
- Criminal Records
In order to prevent crimes like identity theft, it is important to make sure that PII is properly stored and protected. That is why there are several regulations to make sure businesses are keeping your Personally Identifiable Information secure, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
What are 5 ways to protect PII in your organization?
If you are an organization that collects PII then it’s your responsibility to ensure the proper protocols are in place to protect it. Paper records should be protected with a physical method like keycard access and a rigid handling protocol. Digital records require unique forms of protection at each part of their lifecycle. So, how can your organization effectively secure digitally stored PII?
Start with these 5 steps:
- Storing Data – Find out where and how your company stores PII and secure it. Depending on where you store your data this can mean a variety of different things.
  - In Use – Data employees use regularly to do their jobs.
  - At Rest – Data stored in computers, hard drives, and web servers.
  - In Motion – Data transferring from one digital location to another, like a desktop to the Cloud.
- Permissions – Your organization can implement a Content Services Platform (CSP) to improve data security. A CSP will allow your organization to store documents and set different permission levels for employees based on what PII they need to access, such as Public, Private, and Restricted Access. The CSP you use should also have the ability to implement other security measures. These security measures can include setting systems to only allow access to approved (white-listed) groups of IPs, User Audits, and Encryption.
- Encrypt data at all levels – Make sure data is encrypted both at rest and in motion throughout your organization.
- Employee Education – Create an onboarding strategy that ensures all employees are trained and familiar with PII and how to protect it. This includes the importance of PII, where it is stored in your company, the importance of cybersecurity protocols surrounding PII, and identifying suspicious behavior related to the handling of information. Similarly, you should have an employee exit strategy that includes removing permissions for anyone leaving the company.
- Automated Redaction – Employ hyper automation to automatically redact PII from both static files and audio recordings. This is a great option for archived records or for content that needs to be shared without compromising customer or patient privacy.
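To make the automated redaction step concrete, here is an added example (not DOMA's code or product) that redacts a few of the PII types listed earlier from plain text. The US-style patterns, the function names and the sample record are assumptions constructed for illustration; audio is out of scope.

```python
import re

# Patterns for some PII types from the list above (US-style formats, assumed here).
PATTERNS = {
    "CARD": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
}


def luhn_ok(number: str) -> bool:
    """Luhn checksum: separates card numbers from other long digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0


def redact(text: str):
    """Return (redacted_text, counts per PII type) for an audit trail."""
    counts = {}

    def replacer(label):
        def sub(match):
            # Keep digit runs that fail Luhn (order numbers, ticket ids).
            if label == "CARD" and not luhn_ok(match.group()):
                return match.group()
            counts[label] = counts.get(label, 0) + 1
            return f"[REDACTED-{label}]"
        return sub

    # Dict order matters: cards first, so the phone pattern never sees card digits.
    for label, pattern in PATTERNS.items():
        text = pattern.sub(replacer(label), text)
    return text, counts


# Constructed sample record; every value is a documentation/test value.
SAMPLE = ("Contact jane.doe@example.com or (202) 555-0143. "
          "SSN 123-45-6789, card 4111 1111 1111 1111, order no. 1234567890123.")

if __name__ == "__main__":
    redacted, found = redact(SAMPLE)
    print(redacted)
    print(found)
```

Pattern matching of this kind cannot find names, addresses or free-text medical details, so redacted output still needs review before it is shared.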
These are just some basic tactics for protecting PII. Additional recommendations include securely destroying unneeded records, maintaining the latest security updates for your software and servers, and adding multi-factor authentication to customer portals. If you have questions about the security of your records and data reach out – DOMA can help you with any stage of the document lifecycle.
How DOMA Handles PII Protection and Privacy
With DOMA you can trust that your data is protected and that your business has the power to exercise the data and privacy rights afforded by the CCPA on behalf of your customers. As a company that deals primarily with the digitization and management of information, DOMA keeps the requirements of GDPR and CCPA at the forefront of how we deliver our solutions to other businesses.
DOMA supports its customers in their quest to become CCPA/GDPR compliant by serving as a secure processor. We handle and process the data for over 250 different clients and have 20 years of experience in achieving and maintaining a wide range of security and data protection standards. Every customer has different needs and requirements, so it is up to DOMA to ensure we can protect personally identifiable information (PII), medical data, government documents, and other sensitive information.
It’s helpful in this case to work from the top down. For example, achieving compliance with the most stringent laws and regulations makes it easier to meet the needs of clients with less intense security needs. As a digital solutions provider, DOMA can ensure that your business’ information will continue to meet the requirements of CCPA, HIPAA, GDPR, NIST, and more while it’s in our care. Read more about DOMA Compliance.
About DOMA- Powered by Tech, Driven by People
DOMA Technologies (DOMA) is a software development and digital transformation company whose mission is to change customer lives by lightening their workload through faster and more targeted access to their data. Since 2000, our team of 200+ experts has helped businesses navigate all aspects of the digital world. We are a dedicated strategic partner for the federal government and private sector clients at every stage of their unique digital transformation journey.
Author:
Danielle Wethington
Director of Communications