June 07, 2018
Are you clear about what personal and confidential information is? Everyone should be, because this is the type of data that information thieves look for.
While individuals have their own personal identification documents and paperwork, workplaces also collect, use, and store confidential information related to employees, customers, patients, residents, students, or others.
The federal government requires organizations to identify Personally Identifiable Information (PII) and Protected Health Information (PHI) and handle this information securely.
PII, which can be used to identify, contact, or locate an individual, includes name, birth date and place, mother’s maiden name, credit card numbers, Social Security number, driver’s license number and passport number. PHI is information related to health status, care, and payment.
Photos of the full face or recognizable features as well as biometric data, such as fingerprints, x-rays, cornea scans, voice signatures and hand scans, are all considered confidential.
PII is also information that can be used to trace an individual’s identity, either alone or when combined with other information linked to a specific individual.
Boarding passes, shipping labels, junk mail, sticky notes, returned checks and pay stubs all contain confidential details. Corporate confidential data includes sales and marketing strategies, financial statements, intellectual property and tax information.
Social Security numbers, credit cards, and financial information are what thieves use most often to commit fraud or identity theft. This information needs to be vigorously protected.
In earlier research, 53% of employees had received unencrypted, risky corporate data via email or email attachments and 21% said they had sent sensitive information by email without encryption. Research has also shown that employee error accounts for about 62% of data breaches today. PII is often found on computers, laptops, mobile devices, flash drives, disks, home computers and digital copiers.
Depending on the sector, different privacy laws govern how information is managed in the workplace. The European Union's (EU) new General Data Protection Regulation (GDPR), which went into effect in May 2018, strengthens individual privacy rights in several ways, including the ‘right to be forgotten’. It increases data protection compliance and enforcement and applies to any organization anywhere in the world that handles data belonging to a person living in the EU.