Monday 24 March, 2014

What Is PII and How Can You Protect It?

PII stands for personally identifiable information (or variations of this phrase). This is information that can be used to identify, contact or locate a person. It’s easier than ever to obtain this information through the Internet, and PII can be used for stalking, ID theft, or other crimes.

PII includes information such as:

*  Name

*  Address

*  Email address

*  Telephone number

*  Social security number

*  Fingerprints

*  Biometric data

*  IP address

*  Driver’s license or credit card numbers

It’s basically anything that can uniquely identify you. Another similar category of information is PIFI – personally identifiable financial information. Just think of any information a cybercriminal could use to be ‘you.’

PII is a hot topic right now. People are worried about how websites use their information. They’re worried not only about the danger of identity theft, but also about their privacy and what information websites track and store. This is especially a concern with Google and Facebook, both of which have spotty records when it comes to protecting users’ privacy.

Your site also collects, stores, uses and shares your users’ PII. You have a legal responsibility to handle it properly. Not doing so and compromising this information can lead to serious legal consequences, even if it’s unintentional.

One great step you can take is to make sure your site uses SSL encryption. This protects the data stream between your server and your users’ browsers. This protection stops when it reaches your server, but it’s safe while being transmitted, and that’s where hackers are most likely to strike. On your server, you can store data using your own encryption. Encryption uses complex algorithms to scramble data so that it’s incomprehensible to anybody who retrieves it.

An even better option is what’s called tokenization. Tokenization turns tiny bits of your data into ‘tokens’ and stores them in a data vault. These tokens are only part of each bit of data. They have to be retrieved and matched with other data stored on your server in order to be read. Tokenization makes your stored data basically useless to hackers.
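The sketch below is an added example, not code from the original post. It shows the common vault-style form of tokenization: each sensitive value is swapped for a random token, and the original lives only in the vault. `TokenVault`, its methods and the sample record are hypothetical names, the in-memory dictionaries stand in for a separately secured vault, and `purge` removes a value when its lifecycle ends.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a separately secured token vault (hypothetical)."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key   # keys the lookup index; kept inside the vault
        self._by_token = {}           # token -> original value
        self._by_index = {}           # HMAC(value) -> token, so repeats reuse a token

    def _index(self, value: str) -> str:
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        idx = self._index(value)
        if idx in self._by_index:
            return self._by_index[idx]
        # Random token: it has no mathematical relationship to the value.
        token = "tok_" + secrets.token_urlsafe(16)
        self._by_token[token] = value
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # KeyError if unknown or purged

    def purge(self, token: str) -> bool:
        value = self._by_token.pop(token, None)
        if value is None:
            return False
        del self._by_index[self._index(value)]
        return True


def demo():
    vault = TokenVault(index_key=secrets.token_bytes(32))
    card = "4111 1111 1111 1111"          # constructed test number, not real data
    # The application database row holds the token, never the card number.
    app_row = {"user_id": 17, "card_token": vault.tokenize(card)}
    leaked = repr(app_row)                # what a thief of the app database sees
    same = vault.tokenize(card) == app_row["card_token"]
    recovered = vault.detokenize(app_row["card_token"])
    purged = vault.purge(app_row["card_token"])
    return card in leaked, same, recovered == card, purged


if __name__ == "__main__":
    print(demo())
```

In a real deployment the vault would run as its own access-controlled service with encrypted storage, so that stealing the application database alone yields only tokens.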

You should always destroy data completely when its lifecycle is complete. In other words, whenever a person has left your system, make sure they leave no trace. Also, invest in security software and monitor your system for any weak areas that compromise its security and leave it open to attack.

One really important issue involving PII is your privacy policy. It’s always good to have a privacy policy in place, but now it’s as important as ever. New regulations require it. You need to let all users of your site know exactly what information you gather from them and what you do with it. This should be clearly stated in layman’s terms and displayed prominently on your site.

Bob Steele

Bob Steele is an entrepreneur, software developer, marketer, and author living in the Denver metropolitan area. He’s an avid outdoorsman who loves skiing, hiking, fishing, boating, and just plain having fun. His interests include games, space, technology, physics, cooking (well, eating actually), economics, business, internationalism, and team sports. With over thirty years of professional consulting experience, Bob has been exposed to many diverse business models and has gained a sensible approach to life. Bob’s company, WaveCentric, is focused on commerce, marketing, and entertainment related products.
