Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, email addresses, phone numbers, IP addresses, login IDs, social media posts, and digital images are generally considered PII. Geolocation, biometric, and behavioral data can also be classified as PII.
In some regions of the world, such as the European Union, there are strict rules and regulations for the storage and handling of PII. The European Union’s General Data Protection Regulation (GDPR) impacts any company, worldwide, that processes or stores the personal data of EU residents. The new rules grant people more rights regarding how companies handle their personally identifiable information (PII), and they impose heavy fines for non-compliance and data breaches (up to 4 percent of a company’s yearly revenue).
As a website admin, app creator, or product owner, you need to be aware that the traces visitors and users leave behind could be sensitive. These traces might enable you to identify individuals, so you need to handle such data with the utmost caution. By understanding the concept of PII, your organization will understand how to use information security to store, process, and manage PII data correctly.
Who is responsible for safeguarding PII data?
The responsibility for safeguarding PII may range from the sole responsibility of the organization to no responsibility. Usually, the responsibility is shared between the organization holding and storing the data and the owner of the data (users/customers).
Even though you might not be responsible for safeguarding the PII, you should take the necessary measures to keep it safe from a data breach. If you do not, you could suffer reputational damage even if your organization is not legally responsible. It is a commonly accepted best practice to protect PII.