that person's identity is called personally identifiable information, or PII. This is a broad category that includes information such as:
• Name;
• Social Security Number;
• Date of birth;
• Place of birth;
• Mother's maiden name;
• Biometric records (fingerprint, face, etc.);
• Medical records;
• Educational records;
• Financial information; and
• Employment information.
Organizations that collect PII are responsible for protecting it. The Department of Commerce recommends that “organizations minimize the use, collection, and retention of PII to what is strictly necessary to accomplish their business purpose and mission.” They go on to state that “the likelihood of harm caused by a breach involving PII is greatly reduced if an organization minimizes the amount of PII it uses, collects, and stores.” 10 Organizations that do not protect PII can face penalties, lawsuits, and loss of business. In the US, most states now have laws in place requiring organizations that have had security breaches related to PII to notify potential victims, as does the European Union.

Just because companies are required to protect your information does not mean they are restricted from sharing it. In the US, companies can share your information without your explicit consent (see the following sidebar), though not all do so. Companies that collect PII are urged by the FTC to create a privacy policy and post it on their website. The State of California requires a privacy policy for any website that does business with a resident of the state (see

Information Systems for Business and Beyond (2019) pg. 271