What is PII? – Our Online Privacy

PII is an acronym for “Personally Identifiable Information” which includes (but is not limited to) the following:

PII broadly refers to ANY information which could be used to distinguish or trace an individual’s identity. Even the most innocuous data can be used to identify a person. At one time, schools, clinics, and other institutions (including the Federal government) used birthdates or portions of the SSN to confidentially identify individuals.

Unfortunately, many scam artists and identity thieves have discovered how to derive a Social Security Number from commonly available information like date and place of birth and age. This means it is now even more difficult for public institutions to anonymously identify individuals without giving away information that could easily be used by identity thieves, and this is where using a privacy filter can really help you protect all this sensitive data. 

It is important that everyone, not just those who work with PII, practice some good common-sense techniques when sending any of the above information over the Internet. Although we generally think of our e-mail systems as secure, they typically are not, and messages can often be viewed by a smart hacker.

The good news is that there are a variety of freely available encryption programs that can help you secure your personal data when sending it through e-mail. WinZip is one such encryption title that is freely available (with a modest price tag for the full version). WinZip allows you to quickly and easily zip a document with high-enough encryption to provide reasonable security against a third party viewing the information.

This provides an added benefit of compressing the document you’re sending–which makes the message quicker to send! Simply encrypt the file with a password and send the file to the recipient, then call, text, or send a second e-mail to the recipient with the password for the attachment. They can then ‘unzip’ the file using the encryption password. While doing this adds a few minutes extra to your work in sending an e-mail, it will help keep sensitive information sensitive.
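As an added example (not part of the original article), here is a Python pre-send check that reads a zip attachment's headers and reports whether each file is AES-encrypted (the method-99 marker WinZip writes), encrypted with something other than AES, or not encrypted at all. The function names are hypothetical and the sample archives are constructed in memory with patched headers.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0: entry data is encrypted
AES_METHOD = 99       # method value WinZip writes for AES-encrypted entries


def audit_zip(data: bytes) -> dict:
    """Map each file in the archive to 'aes', 'encrypted-non-aes' or 'unencrypted'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # headers only; no password required
            if info.is_dir():
                continue
            if not info.flag_bits & ENCRYPTED_FLAG:
                report[info.filename] = "unencrypted"
            elif info.compress_type == AES_METHOD:
                report[info.filename] = "aes"
            else:
                # Assumption: treated as weaker than AES (e.g. old Zip 2.0 protection).
                report[info.filename] = "encrypted-non-aes"
    return report


def safe_to_send(data: bytes) -> bool:
    """True only if the archive is non-empty and every file is AES-encrypted."""
    report = audit_zip(data)
    return bool(report) and all(state == "aes" for state in report.values())


def constructed_sample(flag: int, method: int) -> bytes:
    """Constructed input: a one-file zip whose central-directory flag and method
    fields are patched to mimic an encrypting tool. The payload is not really
    encrypted; only the header audit is being exercised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("roster.csv", "name,dob\nJane Example,1970-01-01\n")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central directory file header signature
    struct.pack_into("<HH", raw, pos + 8, flag, method)  # flags, then method
    return bytes(raw)


if __name__ == "__main__":
    for label, fields in {"plain": (0, 0), "zip2.0": (1, 8), "aes": (1, 99)}.items():
        sample = constructed_sample(*fields)
        verdict = "ok to send" if safe_to_send(sample) else "DO NOT SEND"
        print(f"{label}: {audit_zip(sample)} -> {verdict}")
```

The audit can list file names without the password because zip encryption protects file contents, not names, so the attachment's file names should not themselves contain PII.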

The result of sending unencrypted PII over the internet can be disastrous–especially if you’re sending the PII of multiple individuals! The Department of Commerce, which oversees dozens of other agencies (including my own), has found this out all too well. In the last 6 months, there have been at least half a dozen reported breaches of PII security protocol. This means that someone sending PII data through e-mail failed to encrypt the data before sending the message.

While the DOC has not yet found any evidence of malice or determined that any of the PII was used or accessed by third parties, the cost to the agency is still very high! By law, the DOC is required to notify ALL persons who may have had their PII breached, which in this case included well over tens of thousands of employees–that’s a lot of letters to send out! What’s worse is that these types of breaches cause distrust among the employees who were involved.

What if an agency sent unencrypted PII of public individuals who could not be easily notified or protected? Who would be responsible for any identity theft damages associated with such a breach? What do you think the Department of Commerce will have to do to rein in all their recent PII breaches?