 |
| Created by Kimberly Kline, API |
Keeping both your clients' and employees' personal information safe is the responsibility of every company, even a small business. That is why it is important to put practices in place from the beginning that will help!
That duty begins with guarding the Personally Identifiable Information (PII) of your employees and clients.
Here we will discuss what information is considered PII, why it is important, and what you need to do now to safeguard it.
What is PII?
PII (Personally Identifiable Information) is defined as any information that can be used to determine a person’s identity. It also covers any information that when combined with other identifying information can reveal a person’s identity.Specific Examples of PII are:
- Full Name (if not common)
- Home Address
- Date of Birth
- Social Security Number / National Identification Number
- Telephone Number
- Email Address (if private)
- Vehicle Registration Number
- Driver’s License Number
- Fingerprints or Handwriting
- Credit Card Numbers
- Genetic Information
- Login Name, Screen Name, or Handle (radio)
Examples of potential PII:
- Full Name (if common)
- Country, state, zip code, city of residence
- Age
- Gender or Race
- Name of School they attended or their Workplace
- Grades, Salary, or Job Position
- Criminal Record
- IP Address
Being lax in any way with how you treat it is dangerous and can open up your clients and your employees to identity theft. This can have serious, lasting effects on their bank accounts, social media accounts, and credit. Having unauthorized access to PII is also an invasion of privacy.
That is why it is crucial to develop a sound policy concerning PII. Your policy should include the safe handling of PII, the proper training of your employees in what is PII and how to keep it safe, and the consequences of not following your policy.
As an employer, you are required to develop and implement a policy for the safe handling of PII. You must also include the rules of behavior expected, including the consequences for non-compliance.
All employees and contractors who have significant privacy information responsibilities must understand your PII policy. This includes any employees and contractors who work with PII as part of their job duties such as Human Resources staff, finance staff, or Managers / Supervisors.
You should then consider “de-identifying” your records as much as possible. This means removing enough PII from any report or document so that the remaining information does not automatically identify an individual.
Another option is to “Anonymize” PII information. For example, you may consider substituting a code for the PII information (such as a name).
But the absolute best way to safeguard PII begins with controlling or limiting access to PII. This includes both physical and mobile access including cell phones, laptops, etc.. Curbing the number of people who come in contact with sensitive PII information is the easiest way to keep it safer and control how it is handled.
Careful consideration of the location of your PII records is also key. Keeping them onsite with limited accessibility is best. Any offsite or mobile storage creates vulnerability.
Your policy also needs to consider the confidential transmission of anything containing PII.
The final safeguarding part of your policy should be developing an auditing program to monitor for potential inappropriate access to PII or for a data breach.
You must emphasize that compliance is mandatory and that the penalty for breaking the protocol for safely handling PII may incur disciplinary and/or criminal action.
Penalties may range from reprimand and retraining to suspension or removal. It should be noted that fines may also be levied on anyone found guilty of willful disclosure of PII.
The responsibility for properly training your employees and contractors who work with PII lies with you, the owner, and your managers. The best practice is to develop a thorough training program, make sure your workers follow the program, and frequently monitor the handling of PII.
This includes the previously mentioned limiting of access to PII. It also means the proper destroying of records physically, shredding for example, and digitally (sanitizing).
Creating sound PII handling procedures, along with a company Privacy Policy, makes sense. (Discover how to write a Privacy Policy for your Small Business here!)
Authored by
That is why it is crucial to develop a sound policy concerning PII. Your policy should include the safe handling of PII, the proper training of your employees in what is PII and how to keep it safe, and the consequences of not following your policy.
Safeguarding PII begins with You and Your Employees! “Tweet This”
As an employer, you are required to develop and implement a policy for the safe handling of PII. You must also include the rules of behavior expected, including the consequences for non-compliance.
You should also recognize that employees are often the “weak link” when it comes to safeguarding PII.
Making sure they are both thoroughly trained and monitored helps.
All employees and contractors who have significant privacy information responsibilities must understand your PII policy. This includes any employees and contractors who work with PII as part of their job duties such as Human Resources staff, finance staff, or Managers / Supervisors.
 |
| Created by Kimberly Kline, API |
Establishing steps to both recognize PII and handle this type of information properly is the backbone of a good PII policy.
The first step is to identify whether the information is, in fact, PII. Educating your staff on the examples of what is PII and what, when combined with other information, becomes PII is crucial.
You should then consider “de-identifying” your records as much as possible. This means removing enough PII from any report or document so that the remaining information does not automatically identify an individual.
Another option is to “Anonymize” PII information. For example, you may consider substituting a code for the PII information (such as a name).
But the absolute best way to safeguard PII begins with controlling or limiting access to PII. This includes both physical and mobile access including cell phones, laptops, etc.. Curbing the number of people who come in contact with sensitive PII information is the easiest way to keep it safer and control how it is handled.
Careful consideration of the location of your PII records is also key. Keeping them onsite with limited accessibility is best. Any offsite or mobile storage creates vulnerability.
Your policy also needs to consider the confidential transmission of anything containing PII.
The final safeguarding part of your policy should be developing an auditing program to monitor for potential inappropriate access to PII or for a data breach.
It is also important that your PII policy explains the consequences and corrective actions for breaching PII protocol. It should cover both employee and contractor expectations.
Penalties may range from reprimand and retraining to suspension or removal. It should be noted that fines may also be levied on anyone found guilty of willful disclosure of PII.
The responsibility for properly training your employees and contractors who work with PII lies with you, the owner, and your managers. The best practice is to develop a thorough training program, make sure your workers follow the program, and frequently monitor the handling of PII.
However, no matter what you include in your PII Policy, the best way to protect your employees, clients, and your company is to practice the
“minimum necessary principle”.
The goal is to minimize the use, collection, and retention of PII to the least amount necessary.
This includes the previously mentioned limiting of access to PII. It also means the proper destroying of records physically, shredding for example, and digitally (sanitizing).
Creating sound PII handling procedures, along with a company Privacy Policy, makes sense. (Discover how to write a Privacy Policy for your Small Business here!)
Not only is taking these steps to guard PII the safe thing to do, it is the right thing to do….and your employees and clients will thank you for it! If you need help developing your PII or Privacy Policy, Contact Us !
Authored by
Visit our site to discover how our Background Investigation Services can help You with Your Business!
Learn more About Us and follow this blog for tips and Information dedicated to Hiring, Security, and Your Business!
No comments:
Post a Comment
Thanks for visiting our website. Contact Us! We can answer your questions and offer you a consultation on how we can help You with your Hiring, Business, and Security Needs!
We also invite you to Subscribe. Just leave your email and you will get one new article each month with tips and information focused on You and Your Business!