To celebrate Data Privacy Day, we're doing our part to help raise awareness by promoting privacy and data protection best practices. As cyberattacks continue to grow each year, today is a reminder that everyone, both businesses and individuals, needs to ensure sensitive data is safeguarded against potential attacks. To do that, you will need to understand what PII is and what steps you can take to help keep that data secure.
What is PII and what types of information does it include?
PII stands Personally Identifiable Information. This can be labeled as any data that could potentially identify or be traced to a specific individual. Any information that can be used to distinguish one person from another can also be used for de-anonymizing (a data mining strategy attackers use) anonymous data and may also be considered PII.
Any type of information that can be used to identify you as an individual can usually be labeled as PII. Specifically, this could be your social security number, financial records, medical records, digital identity (think social media), genetic information, credit cards, and a lot more.
What's not considered PII?
It may seem like any piece of information about yourself can be labeled as PII. However, there is non-personally identifiable information available. This would be considered data that, on its own, could not identify or trace a person's identity. Such examples might be your IP address, device IDs, and computer cookies.
How to Protect Your Personal Identifiable Information
Common online security best practices can go a long way in protecting PII. This goes for securing an organization's data as well as your own personal information. Here are some ways to keep your PII safe:
- Keep your office secure. Simple action items like locking your computer when you step away from your desk, shredding sensitive documents, or erasing a whiteboard of all information can help unwanted intruders from seeing something they shouldn't be seeing.
- Encrypt your sensitive data. When storing data on removable media such as a hard drive or thumb drive, ensure this data is encrypted. Otherwise, if these devices fall into the wrong hands, your data could easily be extracted.
- Share with care. Think about how many online accounts you have and how much information each of those accounts holds. From the online payroll software your organization uses to personal accounts on shopping sites and social media, these websites may store important information such as your credit card number, bank account, name and address, and any other information you share with it. Only share this data with trusted websites, and limit the personal information you share on social media.
- Beware of phishing scams. Phishing scams are among the top scams attackers use to retrieve your personal data. Learning how to spot a potential phishing attempt can prevent you from giving out sensitive information freely, and understanding how to send that sensitive data when needed can reduce the risk of someone finding that information should an account be hacked.
- Use online security best practices. Properly creating and storing your passwords, using only trusted websites, and knowing how to properly send sensitive data will help reduce the risk of accidentally leaking information that should be kept private.
The role of securing PII falls on both individuals and businesses. Properly training employees will help them to understand the importance of keeping this information secure and how to properly do so, but ultimately it's up to the individual to carry out these best practices. Keep in mind many of us also use personal devices for work, so keeping this data safe is a full time job not only when you're at the office but on the go as well.