Who is Responsible for Improper PII Disposal

Personally Identifiable InformationPersonally Identifiable Information (PII),  refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.  As a business owner, you may be in charge of hundreds or a few employees. For every employee you are storing quite a bit of personal information. So who is responsible if your company experiences a breach in security of this personal information?

Whoever is in charge of protecting the PII is considered responsible in a PII breach. This is why it is so important to protect your documents and keep your employees safe. Regardless of your business size, the amount of personal information you are storing may be more than your think.

Personally Identifiable Information

PII is anything that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.  There’s a lot of things that could be added to this list, but the government and most companies identify these items as PII:

  • Full name (if it’s not a common name i.e. John Smith)
  • Home address
  • Email address (if it’s a private email address from an association, club, membership, etc.)
  • National identification number
  • Vehicle registration plate number
  • Driver’s license number
  • Face, fingerprints, or handwriting
  • Credit card numbers
  • Digital identity
  • Date of birth
  • Birthplace
  • Genetic information
  • Telephone number
  • Login name, screen name, nickname, or handle

Regardless of the size of your company, the industry you operate in there are specific legal requirements on the federal, state, and local levels governing the use, storage and destruction of this kind of information, and the classification and seriousness of a PII breach varies greatly.

What are the penalties for failing to properly safeguard PII?

According to the National Archive and Records Administration the penalties to not properly safeguarding PII can vary case-by-case of the specific risk that an individual can be identified. piiHowever, who ever is in charge of the PII is responsible for the breach, as follows:

  • Users will be held personally accountable for their actions related to PII entrusted to them. Failure to comply with the stated rules of behavior may result in administrative penalties or criminal sanctions.
  • Supervisors are subject to disciplinary action for failure to ensure that their staff completes any agency-wide or job specific PII training or for failure to take appropriate action upon discovering a suspected or actual breach of PII.

Store and Destroy PII Securely

If you are looking for a shredding company to help safeguard your personal information, Shred Nations can help!  We will make sure you always receive a certificate of destruction in order to meet all of your security needs.

To get started, fill out the form to the right, or give us a call at (800) 747-3365.  Within minutes, you will receive free quotes from contractors in your area that can help with your project.