More and more people are using the internet to select and purchase everything from plane tickets to clothing. It’s becoming commonplace (and tremendously easy) to submit contact information and a credit or debit card, and have anything you can think of delivered to your door in a matter of days.
Data breaches happen, and most of the time you won’t realize it has happened to you until ‘unusual activity has been detected on your account’.
It is every company’s and practice’s responsibility to take every step necessary to ensure that this information is secured and protected from the time they receive it until the time it’s destroyed, regardless of whether it’s stored electronically or as hard copy. That doesn’t mean, however, that customer and employee information is actually safeguarded.
Before you collect personally identifiable information (PII) from your website, emails, or any other electronic source, be sure that you’re protecting it with appropriate procedures and encryption methods to avoid a data breach that could cost your company millions.
How is Electronic PII Defined?
We define PII and talk about retention times in more detail here, but simply put, Personally Identifiable Information is anything that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Here are some examples of PII that your company might be knowingly (or unknowingly) collecting and/or tracking:
- Credit Card/Bank Account Numbers
- Home Address
- Geo-location data
- Mapping data
- Mobile app user data
- Web tracking, user preference and experience cookies, logs (e.g. IP addresses, analytics, etc.)
- Email addresses
- Phone Numbers
- Video/Audio (including live cams)
- Comments (on Facebook, blogs, etc.)
- Photos of people
Any company can have a website, but not every company protects it the way that they should. If you are indeed collecting this data, be sure that you’re protecting your company and your customers by utilizing proper encryption methods and procedures to avoid litigation from a data breach.
Protecting Electronic PII
Securing any PII or electronic data can be quite a challenge depending on the capacity of your online security and the amount of data you need to protect. Below is a summary of an excellent article on Protecting Electronic Restricted Data from the University of California Santa Cruz. Utilize some or all of these techniques to ensure your information is protected:
- Store as little PII as possible, and know where it is stored.
- Securely delete PII when there is no longer a business need for its retention. Include email, old versions of files, archives, copies, backups, etc. Be sure to securely shred all hard drives or media when disposing of any equipment.
- Truncate, de-identify or redact PII that you need to retain whenever possible
- Implement a hierarchy of authorized users with increased levels of security for more sensitive information
- Use strong passwords that can’t be easily guessed, and protect them
- Schedule regular updates for your software and anti-virus programs
- Use proper Physical Security for all workstations and offices
- Secure laptop computers and mobile devices at all times
- Protect information when using the Internet and email
- Beware of Scams and Phishing Schemes aimed at getting PII
- Don’t install unknown or unsolicited programs on your computer
Get more details here, but the best advice that anyone can give on protecting electronic PII is the first sentence of that article:
“The best way to protect restricted data (PII) is not to have it in the first place.”
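One way to apply the "truncate, de-identify or redact" item from the list above to the card numbers, email addresses and logged IP addresses named earlier, as an added example that is not from this article or the UCSC guidance. The function names, masking formats and sample log lines are assumptions constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(
    r"\b([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
IPV4_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_card(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group(0))
    if not luhn_ok(digits):
        return m.group(0)       # e.g. an order id: leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]   # truncate to last four

def _mask_ip(m: re.Match) -> str:
    octets = m.groups()
    if any(int(o) > 255 for o in octets):
        return m.group(0)       # not a valid IPv4 address
    return ".".join(octets[:3]) + ".0"             # drop the host octet

def redact(line: str) -> str:
    """Return the log line with cards truncated, emails and IPs de-identified."""
    line = CARD_RE.sub(_mask_card, line)
    line = EMAIL_RE.sub(lambda m: f"{m.group(1)}***@{m.group(2)}", line)
    return IPV4_RE.sub(_mask_ip, line)

# Constructed sample log lines (not real data).
SAMPLE = [
    "checkout ok email=jane.doe@example.com card=4111 1111 1111 1111 ip=203.0.113.45",
    "order=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact(entry))
```

Running the scrubber before log lines are written means the full values never reach disk, backups or archives, which also shrinks what has to be securely deleted later.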
Do you need hard drive or product shredding services? Shred Nations can Help!
Shred Nations offers hard drive destruction services and hard drive shredding services that ensure that all data on your drives is completely unrecoverable. Our trained staff of specialists can help you decide what the best course of action is for your secure hard drive destruction project.
Shred Nations has a network of contractors that allows us to come to your location if you need to ensure a proper chain of custody, or we offer the ability to have you ship your drives to a secure facility to be destroyed. We also provide a certificate of destruction that details when and where the hard drive was destroyed. The bits are separated into component parts and recycled.
To get started, fill out the form to the right, or give us a call at (800) 747-3365 for a FREE, NO OBLIGATIONS QUOTE IN MINUTES!