What is PII ?
PII stands for Personally Identifiable Information, and refers to any data that can be used to identify a specific person. This includes things like full name, social security number, driver's license number, address, telephone number, financial account numbers, and biometric data.
Examples of PII include
- Name
- Personal identification number, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number
-Address information, Telephone numbers
-Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints
-Information identifying personally owned property
Identifting PII
Four methods to identify Personal Idenfiable Information (PII) include
1. Reviewing system documentation and stored files for any data that can be used to identify a specific person.
2. Conducting interviews and conducting data calls with firm members to review any data that can be used to identify a specific person
3.Using data loss prevention technologies (e.g., automated PII network monitoring tools),
4. Checking with system and data owners.
Organizations should also ensure that retired hardware no longer contains PII and that proper sanitization techniques are applied.
Companys may aslo shoose to perform PTAs or Privacy threshold analyses, which are techniques used to evaluate the amount of privacy afforded to individuals when their personal data is collected and used by organizations. PTAs are conducted by organizations to assess the degree of risk associated with the collection and use of personal data. PTAs are comprised of simple questionnaires that are completed by the system owner in collaboration with the data owner.