
Q and A : Protecting PII

How are you protecting the PII (Personally Identifiable Information) of your clients, customers or members?

As others are stating, sharing the specifics of these plans can open you up to risk, so it is best to share generally about this topic.

PII is a big deal and you can be responsible for it even though you didn’t initially send it.

Let’s cover the basics of what PII is and isn’t.

Personally Identifiable Information (PII) is defined as any information about an individual maintained by an agency, including:

(1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and

(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

PII can be sensitive or non-sensitive.

Non-sensitive PII:
– Can be transmitted in an unencrypted form without resulting in harm to the individual.
– Can be easily gathered from public records, phone books, corporate directories and websites.

Sensitive PII:
– When disclosed, could result in harm to the individual whose privacy has been breached.
– Should be encrypted in transit and when data is at rest.

Personally identifiable financial information (PIFI) is any information that a consumer provides to a financial institution that would not be available publicly.

PIFI may include information such as:
– An individual’s name
– Personal contact details
– Bank account number
– Credit card number
– Social Security number
– And more

PIFI generally contains private and confidential data visible only to authorized personnel. The term is mainly applied in an operating environment where security, privacy and authenticity of financial information is the primary objective. The data stored within PIFI is used for a set of different applications and/or business services. For example, an online e-commerce site may contact a consumer’s bank and use PIFI from the bank’s server to identify and validate a buyer’s credit card.

Under the Gramm-Leach-Bliley Act, financial institutions must alert their customers to privacy policies and practices and avoid the disclosure of nonpublic personal information about consumers to third parties without consumers’ consent. Financial institutions must also establish appropriate standards for protecting PIFI.

OK, you still there? I know that was a lot of text, but it’s a great guide to help you understand WHAT you need to protect.

So, HOW do we protect PII? A few best practices include:

Identify where you are storing PII. Many file management services offer this; you can also purchase software audits or have a professional consultant come in.

Determine the sensitivity of the PII you store.

Remove any legacy PII that is no longer needed for active work. Use a retention policy and retire data as quickly as you can.

Encrypt PII in transit and at rest.

We strongly suggest that you NEVER EVER EVER email PII. Consider scans to encrypted network folders or secure cloud services like Egnyte with proper roles and permissions.

Email compromise is the number one method for bad actors to gain access and steal PII. Having a strong inbound and outbound email compliance solution can help prevent attacks and mitigate leaks.

PERMISSIONS. Not everyone in your organization needs access to PII. Properly storing this data by user role and access permissions will help mitigate many risks.

Educate your team on the critical nature of PII. We suggest at least an annual security awareness training session or PII refresher.

Have a standard onboarding and offboarding process for your team. Do not COPY permissions from users.

If you can, have a dedicated compliance officer who can check and audit your internal processes at least quarterly.
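
As an added illustration of the first three practices above (find where PII is stored, judge its sensitivity, and retire what is past retention), here is a Python example that is not PremierePC's tooling. The two patterns (US Social Security numbers and payment card numbers), the `retention_days` default and all function names are assumptions of this example.

```python
import os
import re
import sys
import time

# Illustrative patterns only (an assumption of this example): US SSNs and payment card numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text):
    """Return the kinds of sensitive PII found in a block of text."""
    kinds = set()
    if SSN_RE.search(text):
        kinds.add("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            kinds.add("card")
    return kinds

def scan_tree(root, retention_days=365, now=None):
    """List files containing sensitive PII and flag those older than the retention period."""
    now = time.time() if now is None else now
    report = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    kinds = find_pii(fh.read(1_000_000))  # first ~1 MB of text only
                age_days = (now - os.path.getmtime(path)) / 86400
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if kinds:
                report.append({"path": path, "kinds": sorted(kinds),
                               "stale": age_days > retention_days})
    return sorted(report, key=lambda r: r["path"])

if __name__ == "__main__":
    # Constructed sample values: a made-up SSN and a well-known test card number.
    print(find_pii("Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111"))
    for row in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

The report records only the file path, the kind of PII and whether the file is past retention, never the matched values, so the audit output does not become another copy of the PII.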

There is a lot to understanding and protecting PII. Having a trusted partner like PremierePC can help you avoid many pitfalls, implement complicated solutions, and assist your team in driving compliance.

July 16, 2020
Author: Geena Hammond | Published: 2020-07-16 12:24:53 | Modified: 2020-07-31 15:10:18