Understanding PII

0:00/1:34

Optional: Listen to the audio as you follow along on the screen.

0:00/1:34

Optional: Listen to the audio as you follow along on the screen.

0:00/1:34

Optional: Listen to the audio as you follow along on the screen.

Overview

As you help clients add information to Trustworthy, you’ll be working with Personally Identifiable Information (PII). In this section, we’ll learn about the significance of PII and best practices to safeguard client data.

The consequences of stolen PII can be devastating for your clients. Criminals, scammers, and other nefarious individuals steal PII and utilize it to commit crimes such as identity theft, fraud, stalking, blackmail, public humiliation, and even physical harm. PII is the gateway to the private lives of your clients and should be protected at all costs.

Examples of Personally Identifiable Information

  • Biometrics

  • Social Security numbers

  • Age

  • Health records

  • Ethnicity

  • Religion

  • Name

  • Telephone number

  • Mailing address

  • Financial transactions

  • Job title

  • Department

  • Company name

  • Photos

  • Online:

    • Social media usernames

    • Email addresses

    • Tracking cookies or IP addresses

These nefarious individuals may be able to identify your client directly with data such as their social security numbers or fingerprints. Other times they can identify your client indirectly by piecing multiple pieces of information together like a birthdate, blood type, name, and age.

Levels of PII

There are different levels of PII that put your clients at different levels of risk if their data was ever stolen. Let's review each of them.

Low Level PII

Here are examples of low-level PII:

  • Names and titles

  • Work addresses

  • Work phone numbers

  • Work email addresses

If this information was stolen, there would likely be minimal ramifications.name, and age.

Medium-level PII

PII with a medium level of risk should be shared only as authorized by your client. 

Examples of mid-level PII:

  • Customer account numbers

  • Credit card number

  • Home address

  • Any personal contact information

If PII in this category is misused, the potential impact could mean a significant amount of trouble for your client — not just an inconvenience.

High-level PII

PII that presents a high level of risk is extremely confidential and should be very well protected. If PII in this category is stolen, the potential impact on your client could be serious physical, social, or financial harm.

Examples of high-level PII

  • Account information sourced together (for example: credit card numbers, contact info, and purchase history)

  • Unique personal identifiers like Social Security numbers and passport numbers

  • Healthcare information like policy numbers and treatment records

Now that we understand what Personally Identifiable Information is and the importance of shielding our client's sensitive data from potential theft, let's discuss some of the steps that you can take to protect PII.

Minimize Risk

Only collect, use, and keep the data you really need. Talk with your client about their level of comfort. They might want to enter their high-level PII into Trustworthy themselves. Make sure that you and (ultimately) your client leverage Trustworthy’s permissions to control access to the account.

Store Physical Data Safely

The digital data inside Trustworthy is secure. Make sure your client is storing any physical data in a secure location like a fire safe.

Know Your Data

Make sure your client knows where their digital data and physical records are stored.

Know Your Client's Preferences

Some clients might have special rules for collecting, storing, and using personal information. Have a conversation with them about PII, their comfort level around having someone else manage their high-level PII, and if they have a plan if their information is stolen.

Stay alert

Criminals can trick people into sharing PII using a personal contact and exploiting human kindness and trust.

  • Phishing attacks come through email or other electronic sources. They can lure you or your client into revealing PII or downloading malicious code by pretending to be from a reliable or known source.

  • The client might work with other professionals who mishandle your clients’ PII. If you suspect malicious intent, report it to your client.

That's it for our World Class Security & Privacy training. Here are some resources that will help you master these concepts.

Resources

© 2024 Trustworthy Company

© 2024 Trustworthy Company

© 2024 Trustworthy Company