Understanding PII

Overview

As you help clients add information to Trustworthy, you’ll be working with Personally Identifiable Information (PII). In this section, we’ll learn about the significance of PII and best practices to safeguard client data.

The consequences of stolen PII can be devastating for your clients. Criminals, scammers, and other nefarious individuals steal PII and utilize it to commit crimes such as identity theft, fraud, stalking, blackmail, public humiliation, and even physical harm. PII is the gateway to the private lives of your clients and should be protected at all costs.

Examples of Personally Identifiable Information

  • Biometrics

  • Social Security numbers

  • Age

  • Health records

  • Ethnicity

  • Religion

  • Name

  • Telephone number

  • Mailing address

  • Financial transactions

  • Job title

  • Department

  • Company name

  • Photos

  • Online:

    • Social media usernames

    • Email addresses

    • Tracking cookies or IP addresses

These nefarious individuals may be able to identify your client directly with data such as their Social Security number or fingerprints. Other times they can identify your client indirectly by combining several pieces of information, like a birthdate, blood type, name, and age.

Levels of PII

There are different levels of PII that put your clients at different levels of risk if their data were ever stolen. Let's review each of them.

Low-level PII

Here are examples of low-level PII:

  • Names and titles

  • Work addresses

  • Work phone numbers

  • Work email addresses

If this information were stolen, there would likely be minimal ramifications.

Medium-level PII

PII with a medium level of risk should be shared only as authorized by your client. 

Examples of medium-level PII:

  • Customer account numbers

  • Credit card number

  • Home address

  • Any personal contact information

If PII in this category is misused, the potential impact could mean a significant amount of trouble for your client — not just an inconvenience.

High-level PII

PII that presents a high level of risk is extremely confidential and should be very well protected. If PII in this category is stolen, the potential impact on your client could be serious physical, social, or financial harm.

Examples of high-level PII:

  • Account information sourced together (for example: credit card numbers, contact info, and purchase history)

  • Unique personal identifiers like Social Security numbers and passport numbers

  • Healthcare information like policy numbers and treatment records

Now that we understand what Personally Identifiable Information is and the importance of shielding our clients' sensitive data from potential theft, let's discuss some of the steps that you can take to protect PII.

Minimize Risk

Only collect, use, and keep the data you really need. Talk with your client about their level of comfort. They might want to enter their high-level PII into Trustworthy themselves. Make sure that you and (ultimately) your client leverage Trustworthy’s permissions to control access to the account.

Store Physical Data Safely

The digital data inside Trustworthy is secure. Make sure your client is storing any physical data in a secure location like a fire safe.

Know Your Data

Make sure your client knows where their digital data and physical records are stored.

Know Your Client's Preferences

Some clients might have special rules for collecting, storing, and using personal information. Have a conversation with them about PII, their comfort level around having someone else manage their high-level PII, and if they have a plan if their information is stolen.

Stay Alert

Criminals can trick people into sharing PII by making personal contact and exploiting human kindness and trust.

  • Phishing attacks come through email or other electronic sources. They can lure you or your client into revealing PII or downloading malicious code by pretending to be from a reliable or known source.

  • Your client might work with other professionals who mishandle their PII. If you suspect malicious intent, report it to your client.

That's it for our World Class Security & Privacy training. Here are some resources that will help you master these concepts.

Resources

© 2024 Trustworthy Company
