Maintaining Compliance is Essential for Safeguarding Personally Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII)
Personally identifiable information (PII) and sensitive personally identifiable information (SPII) are information collected by businesses that can be used to distinguish, locate, trace, or contact any individual. Enterprises such as financial institutions, healthcare providers, service providers, multi-tenant buildings and merchants share common concerns when it comes to protecting customer and visitor data and privacy. Because data is constantly moving, and because threats to sensitive data come from both inside and outside an enterprise, businesses must be able to protect PII and SPII data from the moment of capture until the end of production.
Increasing regulation governing PII and SPII protection measures makes it essential for businesses to properly collect, access, use, share, store and dispose of PII and SPII data. Compliance also involves costly audits and maintenance, but the cost of non-compliance can be much greater. In addition to these costs, sanctions can be assessed against a non-compliant business, not to mention the loss of public trust.
Veristream visitor management security offers a comprehensive data protection framework that secures data at the time of capture, through processing and storage across a variety of devices, databases, operating systems and applications used by enterprises.
What Is the Difference Between PII and SPII?
The Department of Homeland Security (DHS) defines personal information as personally identifiable information (PII), which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, legal permanent resident, visitor to the U.S., or employee or contractor.
Sensitive personally identifiable information (SPII) is information that, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Sensitive PII requires stricter handling guidelines because of the increased risk to an individual if the data are compromised.
Examples of PII
Examples of PII include:
- Home addresses
- Email addresses
- Phone numbers
Examples of SPII
Some categories of PII are sensitive (SPII) as stand-alone data elements, including:
- Social Security numbers
- Driver’s licenses
- State identification numbers
- Passport numbers
- Alien registration numbers
- Financial account numbers
- Biometric identifiers
When paired with another identifier, other data elements such as an individual’s citizenship, immigration status, medical information, ethnicity, religious affiliation, sexual orientation, account passwords, last four digits of a Social Security number, date of birth, mother’s maiden name and criminal history, in conjunction with the identity of an individual (directly or indirectly inferred), all fall into the category of SPII.
Safeguarding PII and SPII
Universal use of the Internet has made the unlawful collection of PII and SPII easier through breaches of Internet security, network security and web browser security. This feeds a profitable market in collecting and reselling PII. That information can also be exploited by criminals or used to assist in the planning of criminal acts. Thus, protecting PII and SPII in their various forms is an essential part of protecting your visitors, employees, vendors, contractors and executives from harm associated with unauthorized information disclosure. Enterprises must exercise care when handling all PII, keeping in mind that SPII requires special handling because of the increased risk of harm to an individual if it is compromised. Many have enacted website privacy policies specifically to address the gathering of PII, and laws have been enacted to limit the distribution and accessibility of PII.
Veristream’s iVisitor and iSiteAccess programs are designed to meet compliance requirements for safeguarding PII and SPII collected by enterprises through these systems.
The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of personal records in recent years. Beyond the harm that breaches involving PII can cause, individuals or enterprises risk the loss of public trust as well as hefty fines and sanctions.