How much personal identifiable information does your business have?

Does this title make you feel like responding ‘how long is a piece of string?’ You aren’t alone. After all, personal identifiable information (PII) is more than email addresses. So, if it is more than that, how much do you actually have, where is it, how did you get it, and what can or can’t you do with it?

What is PII?

PII is anything and everything that can identify an individual or sole trader. It can be digital or paper-based. You might find your business holds some, if not all, of these typical forms of PII:

General PII (GPII). This is data that you would recognise as PII without further thought: items such as names, email and postal addresses, taxpayer ID/NI numbers and other ID details such as driver’s license and passport numbers.

Sensitive personal information (SPI). This form of PII can include demographics; a person’s racial or ethnic origin; political opinions; religious or other beliefs; trade union memberships; physical or mental health, including all medical history; sexual preferences; and convictions, proceedings and criminal acts.

Personal financial information (PFI). Typically assumed to be more crucial data, PFI can include bank account details, cardholder details and transaction data: information which can be used to identify the sender and/or the beneficiary.

How do you know how much PII you have?

Despite all of these different forms, if the same client data is on multiple systems, it still counts as one record. Having said that, don’t forget that data in spreadsheets and other documents still counts as a record. This includes data in emails on your employees’ workstations.

To calculate how much PII your business holds, simply add together SPI, PFI and GPII for clients and employees. When you know the scale of PII data that you have, as well as the types, you can make sure your business has the right measures in place to keep it safe.

Too many PII records to contemplate? How can you keep them safe?

There are various ways you can protect your business’s data. A combination of robust IT security measures and employee awareness, including best practices, policies and procedures, can all help protect your data. However, should there be a data incident or breach, you need to ensure your business is safe from any fallout.

Zywave: Data Breach Response Policy