Personally identifiable information (PII) is information that can be used to distinguish or trace an individual’s identity, either alone or in combination with other information that is linked to that specific individual. Personally identifiable information falls into two categories:
Direct PII:
- Full name
- Physical address
- Government identification number
- Telephone number
- Email address
Information that is linked to a specific individual:
- Date or place of birth
- Mother’s maiden name
Indirect PII: does not identify a person in and of itself, but can become PII when combined with other information
- Sex
- Race
- Geographic indicators
- Public information that permits physical or online contact with a specific individual is another form of indirect PII
Organizations that handle or manage PII are legally bound to protect it from loss, theft, or improper use. Individuals and organizations can both endure serious damage from a PII breach.
Individual damage:
- Identity theft
- Loss of privacy
- Financial loss
Organizational damage:
- Legal liability
- Remediation costs
- Loss of public trust
Companies and employers are required to take sufficient measures to guard against PII breaches. They must invest in technology and equipment, and implement policies and procedures that govern the way PII and other sensitive information are collected, stored, processed, and disposed of. Employees must ensure that they understand and follow these policies and procedures rigorously.
Organizations usually have detailed privacy and information security policies to guide their employees on how to use, manage, and store information securely. Data breaches are increasing, and they have an impact on companies’ reputations among their customers and the general public. It is critical that employees are familiar with these policies and are regularly updated on any changes.