In a previous blog, we looked at the concept of PII—Personally Identifiable Information—and its appearance in several different variations, including sensitive PII, highly restricted personal information, and highly sensitive data.
Regardless of the terms used, protecting PII from unauthorized access is an essential part of every company’s security policies, because when PII is revealed to unauthorized users, the incident often appears in the news media under a headline like “Huge data breach at <insert your company name here>.”
The result? Loss of reputation, potentially large fines, loss of customer confidence, disruption of business activities while dealing with the breach, and possible loss of business opportunities.
To help prevent this kind of unfavorable publicity, where do you begin? Your company needs security policies, standard practices, and security training.
We previously looked at steps you can take to implement a security framework for PII protection. Three key steps are:
The United States Department of Homeland Security (DHS) Handbook for Safeguarding Sensitive Personally Identifiable Information includes recommendations for protecting PII in electronic form.
Once you’ve decided which PII you must keep because it’s essential to your business, make sure it is well protected. Here are some standard practices, based on the DHS recommendations, which you and your co-workers can incorporate into your daily routines and security policies to protect your PII.
Personal computer use
Your ClearPath servers include features that you can use to protect your PII. Take advantage of them and re-examine your security policies, standard practices, and security training to make sure that everyone who accesses your PII does it securely.