HIPAA, PII, FCC, OCR…LMNOP! How can anyone keep track of all the acronyms floating around today? It’s not enough to know what an acronym stands for, either – if business owners don’t understand how they apply to their business, they could find themselves in hot water PDQ!
Let’s start with PII. PII stands for “personally identifiable information”. Organizations are under an obligation to protect the confidentiality of the information they have about people, including their:
- clients
- employees
- patients
- students
- consumers
- financial donors
What kind of information is considered “personally identifiable information”? NIST (yes, another acronym; it stands for the National Institute of Standards and Technology) defines PII this way:
Personally Identifiable Information is “any information about an individual maintained by an agency, including
(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and
(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
Examples of Personally Identifiable Information include, but are not limited to:
- Name, such as full name, maiden name, mother’s maiden name, or alias
- Personal identification number, such as social security number (SSN), passport number, driver’s license number, taxpayer identification number, or financial account or credit card number
- Address information, such as street address or email address
- Personal characteristics, including photographic image (especially of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)
You can’t manage or secure something if you are not aware of it – so the first step is to take stock of all the ways and places where personally identifiable information might be stored in your organization. Then you can start to put policies and practices in place to protect the confidentiality of the people whose information you have been entrusted with.
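One way to start taking stock is to scan exported files for the kinds of identifiers on the NIST list above. The script below is an added example, not Data Nukes’ tooling: it looks for social security numbers, e-mail addresses and payment card numbers (filtering digit runs with the Luhn checksum so order numbers are not reported as cards), and prints only a masked fragment of each hit so the inventory itself does not become a new store of PII. The patterns and the sample text are constructed for illustration.

```python
import re

# Detectors for three PII types from the NIST list (SSN, e-mail address,
# payment card number). Patterns are constructed for this example; a real
# inventory would add passport and driver's licence formats for its jurisdictions.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters order numbers and other digit runs out of card hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(kind: str, value: str) -> str:
    """Report only a fragment, so the inventory itself does not become a PII store."""
    if kind == "email":
        local, domain = value.split("@", 1)
        return local[0] + "***@" + domain
    digits = re.sub(r"\D", "", value)
    return ("***-**-" if kind == "ssn" else "****") + digits[-4:]

def find_pii(text: str) -> list:
    """Return (kind, masked value) for each PII hit in text."""
    hits = [("ssn", m) for m in SSN_RE.findall(text)]
    hits += [("email", m) for m in EMAIL_RE.findall(text)]
    for m in CARD_RE.findall(text):
        if luhn_ok(re.sub(r"\D", "", m)):
            hits.append(("card", m))
    return [(k, mask(k, v)) for k, v in hits]

# Constructed sample export: no real people; 4111... is a published test card number.
SAMPLE = """Employee: Jane Doe, SSN 123-45-6789, email jane.doe@example.com
Donor card on file: 4111 1111 1111 1111
Ticket ref 1234 5678 9012 3456 is an order id, not a card"""

if __name__ == "__main__":
    for kind, shown in find_pii(SAMPLE):
        print(f"{kind:6} {shown}")
```

Run it over the text of a spreadsheet export or a mailbox dump to get a first list of which files and devices hold PII; names, addresses and biometric data need other methods, so treat the output as a starting point, not a complete inventory.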
Outdated, unused, broken, or out-of-service computers, hard drives in a box, laptops, servers, and smartphones are often forgotten about – stashed in some corner of the office or in a closet somewhere, waiting to be disposed of. Most often, these devices still contain personally identifiable information, and they represent a real liability to organizations.
If you are not aware of the liability associated with storing these unwanted items, contact us. Data Nukes has a cost-effective way to shift that liability from you to us – so you can CYA!