Monday 24 March, 2014
PII stands for personally identifiable information (or variations of this phrase). This is information that can be used to identify, contact or locate a person. It’s easier than ever to obtain this information through the Internet and PII can be used for stalking, ID theft, or other crimes.
PII includes information such as:
* Email address
* Telephone number
* Social security number
* Biometric data
* IP address
* Driver’s license or credit card numbers
It’s basically anything that can uniquely identify you. Another similar category of information is PIFI – personally identifiable financial information. Just think of any information a cybercriminal could use to be ‘you.’
PII is a hot topic right now. People are worried about how websites use their information. They’re worried not only about the danger of identity theft, but also about their privacy and what information websites track and store. This is especially a concern with Google and Facebook, both of which have spotty records when it comes to protecting users’ privacy.
Your site also collects, stores, uses and shares your users’ PII. You have a legal responsibility to handle it properly. Not doing so and compromising this information can lead to serious legal consequences, even if it’s unintentional.
One great step you can take is to make sure your site uses SSL encryption. This protects the data stream between your server and your users’ browsers. This protection ends once the data reaches your server, but the data is safe while being transmitted, and that’s where hackers are most likely to strike. On your server, you can store data using your own encryption. Encryption uses complex algorithms to scramble data so that it’s incomprehensible to anybody who retrieves it.
An even better option is what’s called tokenization. Tokenization turns tiny bits of your data into ‘tokens’ and stores them in a data vault. These tokens are only part of each bit of data. They have to be retrieved and matched with other data stored on your server in order to be read. Tokenization makes your stored data basically useless to hackers.
You should always destroy data completely when its lifecycle is complete. In other words, whenever a person has left your system, make sure they leave no trace. Also, invest in security software and monitor your system for any weak areas that compromise its security and leave it open to attack.
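A sketch of tokenization in its common vault-based form, where each sensitive value is swapped for a random token and the original is held only in a separate vault, together with the end-of-lifecycle purge described above. This is an added example, not code from the original article; `TokenVault`, its methods and the sample records are hypothetical, and the in-memory dictionaries stand in for a separately hosted, access-controlled store.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in (assumption) for a separately hosted vault."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keys the lookup index; stays in the vault
        self._by_token = {}          # token -> (owner_id, original value)
        self._by_digest = {}         # HMAC(owner, value) -> token

    def _digest(self, text: str) -> str:
        return hmac.new(self._index_key, text.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, owner_id: str, value: str) -> str:
        digest = self._digest(f"{owner_id}\x00{value}")
        if digest in self._by_digest:      # same owner and value: reuse the token
            return self._by_digest[digest]
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from value
        self._by_token[token] = (owner_id, value)
        self._by_digest[digest] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token][1]    # KeyError if unknown or already purged

    def purge_owner(self, owner_id: str) -> int:
        """Remove every value held for one person; return how many were removed."""
        doomed = [t for t, (o, _) in self._by_token.items() if o == owner_id]
        for token in doomed:
            del self._by_token[token]
        self._by_digest = {d: t for d, t in self._by_digest.items() if t not in doomed}
        return len(doomed)


def demo():
    vault = TokenVault(index_key=secrets.token_bytes(32))
    # Constructed sample records: the application database keeps only tokens.
    app_db = {
        "user-1": {"email": vault.tokenize("user-1", "alice@example.com"),
                   "phone": vault.tokenize("user-1", "+1-555-0100")},
        "user-2": {"email": vault.tokenize("user-2", "bob@example.com")},
    }
    leaked = repr(app_db)  # what a dump of the application database would expose
    email_back = vault.detokenize(app_db["user-1"]["email"])
    removed = vault.purge_owner("user-1")  # user-1 has left the system
    return leaked, email_back, removed
```

A dump of `app_db` contains only `tok_...` strings, and after `purge_owner` the tokens for that person can no longer be resolved.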