PII. Personally identifiable information. All the tidbits about a person that they hope no one is keeping track of…but someone always does.  Are you collecting sensitive information about the people with whom you interact? Whether you operate a nonprofit or a small business, you have more access to PII than you may recognize. Make sure you handle personal information in a way that is not only legal, but shows people the respect you show them in your daily interactions.

Figure out whether the information you collect is legally protected.

This can be difficult to pinpoint due to different requirements at state and federal levels as well as industry-specific requirements. You may even want to talk to a lawyer when it comes to the details. Generally, however, use special care with any information that can be used to directly or indirectly identify a person. Yes, that means a social security number. But it also can mean a home address without a city--or even that birthdate you jotted down in hopes of sending a friendly birthday card.

Collect and keep only the information you need.

We are talking about being responsible with other people’s information. What information is the most secure? That which is never collected. Consider carefully whether the personal information you collect is really necessary. (Think of the birthday card.) Remember, no breach can leak information you do not have on hand.

The next most secure data is that which was handled properly and deleted promptly. Limiting access to information does not show distrust to your coworkers as much as it shows respect to the people whose information you hold. If you have not done business with someone in quite awhile, it may be time to pare down the information you have on file. Make sure you dispose of the information in a way that keeps it from being pieced together afterward.

Guard the information you have.

This means limiting access within your organization to people who are trustworthy and have legitimate need for the information. Here are some tips on how to safeguard the information you collect:

Restrict access to hard copies of PII:

• Make minimal copies and shred them when they become unnecessary.
• Secure paper records not in active use under lock and key.

Restrict access to electronic copies of PII:

• Close windows when not in use.
• Save files in password protected or otherwise restricted-access formats.
• Implement access controls on files containing PII on shared network drives.

If you must transmit PII, use special care:

• Make sure the recipient understands the protected nature of the information.
• If transmitting via email, use an email encryption service.
• If transmitting via a mobile device such as a CD or USB, encrypt those files too.

Identity thieves and hackers are real threats to our information and the information of those with whom we interact. Whether we run a non-profit or a small business, how we handle the information we collect matters. Let’s do our part to handle other peoples’ information carefully to not only meet our legal obligations, but to take care of our neighbors as well.

Can Frontline help?

We at Frontline Technology will gladly help secure your network, set up appropriate permissions on your shared sites, and provide email encryption services.