BY Chet Metchalf | 7 July 2021
Personally identifiable information (PII) has become a buzzword thrown around in the compliance space. Most organizations know that PII must be protected, but lack an understanding of how this applies to their organization and the steps they need to take to remediate the volumes of sensitive information they hold on consumers.
Generally speaking, PII is defined as information used to distinguish individuals from one another. While PII qualifications vary depending on the specific compliance laws and jurisdictions, examples of these typically include consumer name, birthdate, social security number, and workplace information, just to name a few. Organizations that collect, process, or store any types of PII are responsible for protecting this sensitive information and ensuring that it does not fall into the hands of cyber criminals.
As the incidence of data breaches reaches an all-time high and non-compliance penalties become more daunting, failure to maintain PII compliance is not only costly, but can permanently damage a company’s reputation. However, achieving compliance is nearly impossible if you do not know where this data lives in your organization and which regulations you are measuring PII against.
With a multitude of compliance regulations including GDPR, CCPA, CPRA, HIPAA, PDPA, and many others, understanding exactly which ones apply to your business is a critical first step. Because the standards vary across these laws, the definition of PII differs slightly from one to the next. For instance, GDPR and CCPA are similar, but not the same. The CCPA, with the addition of CPRA (going into effect in 2023), acts as the genesis for state-mandated U.S. compliance laws, and although it does borrow principles from the GDPR, the law distinguishes itself as a heavily consumer-oriented law, giving rights and privileges to individuals. On the other hand, organizations dealing with health-related information will gain little from measuring PII against the above regulations and instead will need a thorough understanding of HIPAA.
Once this is established, organizations can take steps to make sure that PII is being protected under the applicable regulations. To gain a big-picture understanding of where all this data resides across structured and unstructured sources, a PII scanning and discovery tool can be an indispensable resource to ensure your organization avoids liability and risk. Unlike manual approaches to discovering PII, these tools are able to scale and keep pace with the influx of data businesses handle, and help them adapt to ever-changing global and regional compliance requirements.
After these foundational steps are complete, there are additional actions organizations will need to embrace to effectively secure PII. The following is a standard PII compliance checklist for your organization to follow. Of course, each organization and industry has its own unique needs, so this can be customized as desired.
While these are all helpful tips to keep in mind and reference as you take steps toward PII compliance, a data discovery tool will ensure that you have a holistic look at all of your data and stay on top of the ever-evolving compliance landscape. Use Enterprise Recon to learn exactly what PII data your company has stored, how it is being used, and most importantly, how it is being protected so that you can maintain compliance.
If you are ready to start your data discovery journey, book a demo with a data expert today.