Personally Identifiable Information – CompTIA Security+ SY0-401: 2.6

Our personal information is more at risk than ever. In this video, you’ll learn about personally identifiable information and some of the security concerns surrounding our personal privacy.


If you work in technology, you will eventually be faced with the challenges of PII, which stands for Personally Identifiable Information. PII might be things like an address, a telephone number, perhaps a picture of someone, maybe a credit card number or Social Security number.

All this information is very private, and it’s something that needs to be handled a little bit differently than other types of data. It needs to be well spelled out in your security policy, not only so that the internal groups within your organization understand how to handle the data, but also so that your customers know how you’re handling their personal information.

Maybe this data is something that’s stored in your database for a very short period of time, and after you’re done using it, you dispose of it. Or maybe it’s kept for very long periods of time. This needs to be well spelled out in your privacy policy.

This is something that we can almost forget about when we’re using it so much in the daily work of our jobs. If you’re in a call center, you may be seeing people’s identification on your screen and interacting with them all day. But even though this becomes something very common for us to see in our day-to-day jobs, it’s still important to remember that it’s personal data and it needs to be handled with sensitivity.

The challenges around PII can clearly be seen when there is a security breach involving personal information. A good example of this was in July of 2014, when there was an advisory put out by the Department of Homeland Security National Cybersecurity and Communications Integration Center in the United States. This advisory warned that in certain hotels, specifically in the Dallas/Fort Worth area, keyloggers had been put onto the computers in business centers.

These business centers are very common in hotels. If you’re staying at a hotel, there will be computers with printers and connections to the internet that are accessible for you to use during your stay. Well, the bad guys know this, and they stepped into the business center and installed malware that specifically captured keystrokes on those devices.

And so if you went into the business center and logged into your email or your corporate VPN, the keystrokes that you typed on that keyboard may have found their way back to the bad guys. And the advisory said that the suspects obtained large amounts of information, including PII such as bank, retirement, and personal webmail accounts.

This is the type of information that we want to be sure stays safe and secure in our organization. And when you’re dealing with PII, you want to be sure that you have very well-established policies so that you know exactly how to handle that data.