In the modern era, personal information is perhaps a person’s most precious commodity. Personal information is a way of establishing our identity, getting the help we need, and qualifying for credit. To keep that information safe from thieves, laws and regulations exist to govern the way companies and other institutions handle that information. Here are the major categories of private information and some information on how they are properly stored.
Personally Identifiable Information
Personally identifiable information, or PII, is information that could be used to falsify documents or accounts in your name. Examples include your mother’s maiden name and other security question fodder, your home addresses over the years, and your phone number. The real prize for thieves looking for PII is a Social Security number. A lost Social Security number can lead directly to incidents of identity fraud that cause long-term problems for the victim. Your storage of such information needs to reach certain security benchmarks.
Private Personal Information
Similar to PII, private personal information, or PPI, is data about your life that needs to be controlled to prevent identity theft. PPI is a broader category than PII and applies to different kinds of information; whereas PII refers to big-picture information, PPI includes employment records, grades, disability information, gender, and ethnicity. If an employer comes into contact with PPI, he or she is obligated not only to protect it from outside intrusion but also to compartmentalize it within the company, to prevent it from moving outside those offices that need the information to function properly.
Payment Card Industry Data Security Standard
Payment information is some of the most sought-after data by intruders; after all, scoring a credit or debit card number allows the hacker to either use the card or auction off access to the card on underground web sites. The credit industry adopted a set of security standards in 2006, and if your business runs cards at any point, you need to be sure your storage meets the standards. The protocols are tiered based on the volume of transactions accepted, so if you only do the occasional credit card sale, you don’t need to worry as much as a retail outlet with hundreds of daily transactions would.
Protected Health Information
Health information is a common source of trouble for management. Access to this information is governed by a multitude of laws and regulations, among which the Health Insurance Portability and Accountability Act, or HIPAA, is the most famous. By the strictest readings of HIPAA requirements, you’re not allowed to even say that an employee who called out for the day did so because of illness. As far as stored electronic information goes, HIPAA-covered data needs to be protected to certain standards, and you definitely need to research the subject to make sure that your online storage services live up to those standards.
While information categorization seems at first like a bewildering maze of abbreviations and laws, some simple privacy-centric policies will deal with most of them. Just be sure you look at the laws applicable to the information you collect, and only use storage solutions that live up to those requirements.