Personally Identifiable Information (PII) is information that can be used to uniquely identify a specific individual. PII consists of a person’s first name or first initial, last name, and any one of 29 additional confidential items, such as date of birth, postcode, or bank details.

As a business, you will store information about your clients, often including personally identifiable information. You are required by law to protect this information from data breaches and cyber attacks. In the UK, the relevant legislation is the Data Protection Act 2018 (GDPR).
If you do not keep personally identifiable information safe, and it is leaked or stolen, you can incur fines, increased operating costs, loss of customer confidence, poor public image, and potentially more regulation.
How to protect Personally Identifiable Information
- It’s a good idea not to store more personal information than you need, to minimise the amount you have to protect.
- Encrypt data, both in storage and whenever it is moved.
- Control who can access the data, and require passwords etc. for those who can.
- Regularly assess and audit what you are doing in regard to data collection, storage and processing.
- Securely dispose of data once it is no longer necessary to store it.
- Train your staff, so that everyone knows how to keep PII safe.
- Use appropriate security software, such as anti-virus, anti-malware, firewalls, VPNs, security patches and software updates.
- Make sure that your suppliers and other third parties who share PII are using adequate systems. You don’t want to do everything right yourself and then be compromised by them.
- Where possible, anonymise or pseudonymise PII to reduce its sensitivity.
- Create a strong incident-response plan so that you know what to do if an incident occurs.
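To make the minimisation and pseudonymisation points in the list above concrete, here is an added example (not code from this page or from datamills) that prepares a customer record for analytics. The field names, the allow-list and the sample record are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key. In practice, load it from a secrets manager and keep
# it separate from the pseudonymised data set, with its own access controls.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Allow-list: the only non-identifying fields this hypothetical purpose needs.
KEEP_FIELDS = {"plan"}

def pseudonym(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC-SHA256 token: stable for joins, not recomputable without the key."""
    normalised = " ".join(value.lower().split())
    digest = hmac.new(key, normalised.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:32]

def outward_code(postcode: str) -> str:
    """Generalise a UK postcode to its outward part, e.g. 'AB1 2CD' -> 'AB1'."""
    compact = postcode.replace(" ", "").upper()
    # The inward part is always the last three characters of a full postcode.
    return compact[:-3] if len(compact) >= 5 else compact

def minimise(record: dict) -> dict:
    """Return a copy with direct identifiers replaced and quasi-identifiers coarsened."""
    identity = f"{record['first_name']} {record['last_name']}|{record['date_of_birth']}"
    out = {
        "subject_id": pseudonym(identity),
        "birth_year": record["date_of_birth"][:4],  # assumes ISO format YYYY-MM-DD
        "postcode_area": outward_code(record["postcode"]),
    }
    # Anything not on the allow-list (bank details, names, ...) is never copied.
    out.update({k: v for k, v in record.items() if k in KEEP_FIELDS})
    return out

# Constructed sample record; none of these values belong to a real person.
SAMPLE = {
    "first_name": "Alex", "last_name": "Example",
    "date_of_birth": "1984-03-17", "postcode": "AB1 2CD",
    "sort_code": "00-00-00", "account_number": "00000000",
    "plan": "standard",
}

if __name__ == "__main__":
    print(minimise(SAMPLE))
```

The output is pseudonymised, not anonymised: anyone holding the key can recompute the tokens, so it remains personal data and still needs the other protections in the list.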
There’s a lot to think about here. If this is something that you need help to consider for your business, why not give us a call on 0114 287 0510 to see how we at datamills can help?