Who Is Responsible for Improper PII Disposal?



Personally Identifiable InformationPersonally Identifiable Information (PII), refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.

As a business owner, you may be in charge of hundreds or a few employees. For every employee, you are storing quite a bit of personal information.

So who is responsible if your company experiences a breach in security of this personal information?

Whoever is in charge of protecting the PII is considered responsible in a PII breach. This is why it is so important to protect your documents and keep your employees safe.

Regardless of your business size, the amount of personal information you are storing may be more than you think.

Types of Personally Identifiable Information

PII is anything that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

There are numerous types of information that could be added to this list, but the government and most companies formally identify these items as PII:

  • Types of personally identifiable informationFull name (if it’s not a common name i.e. John Smith)
  • Home address
  • Email address (if it’s a private email address from an association, club, membership, etc.)
  • National identification number
  • Vehicle registration plate number
  • Driver’s license number
  • Face, fingerprints, or handwriting
  • Credit card numbers
  • Digital identity
  • Date of birth
  • Birthplace
  • Genetic information
  • Telephone number
  • Login name, screen name, nickname, or handle

Regardless of the size of your company, there are specific legal requirements on the federal, state, and local levels governing the use, storage and destruction of this kind of information, and the classification and seriousness of a PII breach vary greatly based on your industry.

How to Prevent Improper Disposal

When it is time to get rid of documents, make sure you use a shredding service that is secure and compliant with your industry’s laws and regulations.

A mobile shredding service will bring a truck to your location and shred your documents while you watch.

An ongoing process of keeping your office clear of unnecessary documents is a good plan. Consider an offsite shredding service on a regular basis so you never fall behind in maintaining your records.

Be sure to get a certificate of destruction to prove compliance with laws that require secure PII disposal.

What Are the Penalties for Failing to Properly Safeguard PII?

According to the National Archive and Records Administration, the penalties for not properly safeguarding PII vary case-by-case of the specific risk that an individual can be identified. piiHowever, whoever is in charge of the PII is responsible for the breach, as follows:

  • Users will be held personally accountable for their actions related to PII entrusted to them. Failure to comply with the stated rules of behavior may result in administrative penalties or criminal sanctions.
  • Supervisors are subject to disciplinary action for failure to ensure that their staff completes any agency-wide or job-specific PII training or for failure to take appropriate action upon discovering a suspected or actual breach of PII.

Store and Destroy PII Securely

If you are looking for a shredding company to help safeguard your personal information, Shred Nations can help! We will make sure you always receive a certificate of destruction in order to meet all of your security needs.

To get started, fill out the form to the right, or give us a call at (800) 747-3365. Within minutes, you will receive free quotes from contractors in your area who can help with your shredding project.