DOL internal policy specifies the following security policies for the protection of PII and other sensitive data: It is the responsibility of the individual user to protect data to which they have access.
Who is responsible for protecting PII at our company?
Generally, the responsibility is shared with the organization holding the PII and the individual owner of the data. That said, while you might not be legally responsible. Most consumers believe that it is your responsibility to protect their personal data.
How do you protect personally identifiable information?
10 steps to help your organization secure personally identifiable information against loss or compromise
- Identify the PII your company stores.
- Find all the places PII is stored.
- Classify PII in terms of sensitivity.
- Delete old PII you no longer need.
- Establish an acceptable usage policy.
- Encrypt PII.
What qualifies as PII?
Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., …
What law protects PII?
Section 5 of the Federal Trade Commission Act (FTC Act) prohibits unfair or deceptive practices and is the primary federal law protecting American PII.
What is a PII violation?
One of the most familiar PII violations is identity theft, said Sparks, adding that when people are careless with information, such as Social Security numbers and people’s date of birth, they can easily become the victim of the crime. …
Why is it important to protect PII?
Keeping PII private is important to ensure the integrity of your identity. With just a few bits of your personal information, thieves can create false accounts in your name, start racking up debt, or even create a falsified passport and sell your identity to a criminal.
How do I report PII violations?
1. Any release of PII where IT equipment/system is involved must be reported immediately to the Computer Security Office’s (CSO) Computer Security Incident Response Team (CSIRT) at CS_IRT@nrc.gov or 301-415-6666.
What is not PII information?
Info such as business phone numbers and race, religion, gender, workplace, and job titles are typically not considered PII. But they should still be treated as sensitive, linkable info because they could identify an individual when combined with other data.
What are examples of PII?
Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address. We often talk about PII in the context of data breaches and identity theft.
Where is PII valuable?
The Value of Personal Data (PII)
Perceived value can take many forms. From the consumer’s perspective, it could mean being able to log into an online bank account with one less click, a retailer sending cross-channel discount notifications on an item you’ve been researching, or customized product recommendations.