Generally, Personally Identifiable Information (PII) is any information that can be used to identify a specific individual. Social security numbers, mailing or email addresses, and phone numbers are the items most commonly regarded as PII, but technology has expanded the scope of PII significantly to include IP addresses, login IDs, social media posts, digital images, and so on. Geolocation, biometric, and behavioral data can also be categorized as PII.
This broad definition of PII creates security and privacy challenges, especially when specific and stringent safeguards for it are spelled out in regulations such as the European Union's (EU's) General Data Protection Regulation (GDPR). The new regulations give people more rights over how companies handle their personally identifiable information (PII), and they impose heavy fines for non-compliance and data breaches: up to 4 percent of a company's annual revenue.
Common Rules For Shielding Your Sensitive PII Emails
A privacy incident is the actual or potential loss of control, compromise, unauthorized disclosure, or unauthorized acquisition of or access to Sensitive PII, in physical or electronic form. Privacy incidents mostly occur when employees fail to use appropriate controls while accessing or sharing Sensitive PII, or when they use Sensitive PII for an unauthorized purpose. The appropriate controls for safeguarding Sensitive PII are as follows:
Gathering and Accessing Sensitive PII
- Make sure that documents are not accessible to casual visitors, passersby, or others within the office premises who do not have a "need to know." If you leave your workstation for any reason, lock your computer's screen. As soon as your shift ends, either log off or lock your PC with a password-protected screen saver.
- Ensure privacy when having in-office or telephone conversations regarding Sensitive PII.
- Restrict your access to only the Sensitive PII required to do your job, and do not use Sensitive PII for any unauthorized purpose.
Utilizing And Sharing Sensitive PII
You may share PII outside of DHS only when there is a published routine use in the applicable System of Records Notice (SORN) and an access agreement that applies to the information.
- Creating Electronic Copies Of Sensitive PII: In some scenarios, it may be appropriate to create new spreadsheets or databases that contain Sensitive PII.
- Do Not Post Your PII To Web Sites & Shared Drives: Never post Sensitive PII on the DHS intranet, the Internet, shared drives, or multi-access calendars that can be accessed by people who do not have a "need to know."
- Social Engineering/Phishing: Beware of any phone calls or emails from individuals claiming to be DHS employees who try to obtain personal or non-public information or ask you to verify such information about yourself. DHS will never ask you to verify or confirm your account login, password, or personal information by email or over the phone.
This article is intended to explain what PII email is and how to safeguard your Personally Identifiable Information during your everyday work activities.