
Understanding Personally Identifiable Information (PII) and Data Security
Learn about Personally Identifiable Information (PII), its importance, history, legal aspects, and incidents related to data security breaches. Discover how PII can be misused and steps to safeguard it.
Presentation Transcript
Welcome to CIT 2016 Session: Personally Identifiable Information and You Presenters: Seth Pheasant & Jeff Grabb
What is Personally Identifiable Information (PII)? Basics: Information about an individual which allows some other entity to identify the individual. Examples: SSN, Bank Account Number, Etc.
History of PII ISU's History: Transition from SSN to UID Impact: Exposes individuals to an array of criminal exploits (stalking, stolen identity, etc.).
Group Interaction When does it become PII?
- John
- John born 02/14
- John Smith born 02/14
- John born 02/14/86
- John Smith born 02/04/86 SSN 123-45-6789
An Important Point A common misconception is that PII only includes data that can be used to directly identify or contact an individual (e.g., name, e-mail address), or personal data that is especially sensitive (e.g., Social Security number, bank account number). The OMB and NIST definition of PII is broader. The definition is also dynamic, and can depend on context. Data elements that may not identify an individual directly (e.g., age, height, birth date) may nonetheless constitute PII if those data elements can be combined, with or without additional data, to identify an individual. In other words, if the data are linked or can be linked to the specific individual, it is potentially PII. (IT Law Wiki)
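The point above, and the group exercise before it, can be checked against a data set by counting how many records share each combination of disclosed fields (the anonymity set). This is an added example, not part of the original presentation; the records are constructed and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample records (not real people): first name, last name, birth date MM/DD/YY.
RECORDS = [
    ("John", "Smith", "02/14/86"),
    ("John", "Smith", "02/14/62"),
    ("John", "Smith", "07/30/91"),
    ("John", "Doe", "02/14/86"),
    ("John", "Lee", "02/14/79"),
    ("Jane", "Smith", "02/14/86"),
    ("Jane", "Doe", "11/02/90"),
]
TARGET = RECORDS[0]

# Each entry projects a record onto the fields disclosed at one step of the exercise.
STEPS = {
    "first name": lambda r: (r[0],),
    "first name + birth month/day": lambda r: (r[0], r[2][:5]),
    "full name + birth month/day": lambda r: (r[0], r[1], r[2][:5]),
    "first name + full birth date": lambda r: (r[0], r[2]),
    "full name + full birth date": lambda r: (r[0], r[1], r[2]),
}

def anonymity_set_size(records, project, target):
    """How many records look identical to target once only these fields are known."""
    key = project(target)
    return sum(1 for r in records if project(r) == key)

def unique_fraction(records, project):
    """Share of records that these fields alone single out."""
    counts = Counter(project(r) for r in records)
    return sum(1 for r in records if counts[project(r)] == 1) / len(records)

def report(records, target):
    return {name: anonymity_set_size(records, p, target) for name, p in STEPS.items()}

def identifying_steps(records, k=2):
    """Field combinations where at least one record sits in a group smaller than k."""
    return [name for name, p in STEPS.items()
            if min(Counter(p(r) for r in records).values()) < k]

if __name__ == "__main__":
    for name, size in report(RECORDS, TARGET).items():
        print(f"{name:32} anonymity set = {size}")
    print("combinations that single someone out:", identifying_steps(RECORDS))
```

A combination whose anonymity set reaches 1 for any record should be classified and handled as PII in that data set, even when no single field in it would be.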
PII Legality Federal Law: None for regulating private entities. California Senate Bill 1386: Focuses on identity theft. Privacy Act of 1974: Regulates government collection of PII.
ISU Incidents & Close Calls COB Incident(s): Open share, lots of data, big issues Mainframe Display: First web-app for the mainframe displayed course instructor's SSN in the clear.
Non-ISU Incidents DNC Hack: Likely performed by a foreign government - disclosed thousands of emails and documents. MLB Hack*: Cardinals ex-executive had unauthorized access to the Astros database.
Current Efforts University Policy:
- 9.8 deals with overall information security.
- Records retention (in progress)
Tech Solutions: Risk mitigation solutions following a cross-functionally developed protocol.