Compass IT Compliance Blog

What is PII? Important Distinctions in Information Security

Jun 12, 2017 11:00:00 AM | Sarina Resnick | Information Security, Cybersecurity, PII


PII is an acronym that keeps getting thrown around but never defined. Knowing what the acronym stands for is just as important as knowing why it matters more and more. So, what is PII? The acronym stands for "Personally Identifiable Information." But what does this really mean?

According to the General Services Administration, PII is information that can be specifically connected to an individual. This can be anything from names to important information like credit card numbers and social security information. This information is classified into two categories: Sensitive and Insensitive. Important information is classified as Sensitive because of the amount of security needed to keep it private: if made public, it could inflict harm upon its owner. Sensitive information, such as credit card numbers, needs to be encrypted, safely secured when not in use, and correctly disposed of once the information is out of date.

Determining what is Sensitive PII can be tricky, because some information could be used for harm only when it is combined with other information. Information that is always classified as "Sensitive" includes:

  1. Social Security Numbers
  2. Passport information
  3. ID numbers
  4. Financial information

Information that is considered "Sensitive" if paired with other identifiers includes:

  1. Passwords
  2. Medical information
  3. Criminal history
  4. Other identifiers that could harm a person

It is important to know about PII, and the distinction between Sensitive and Insensitive information, because if it is not protected correctly, the information could be used to harm a person or a company. So, before you threaten your information security by sending that email, make sure to encrypt the sensitives, or the costs can be expensive (literally).

So, what can be done to protect this sensitive data? A great place to start is the Center for Internet Security Top 20 Critical Security Controls. These controls are designed to have an immediate impact on your overall information security program and ultimately mitigate your risk around PII and other sensitive information you may possess. A copy of our Top 20 Security Controls eBook is available for download.


For more information on how to keep PII secure, or if you have a specific question about your environment, please don't hesitate to contact us.

Written by Sarina Resnick
