Personally Identifiable Information - PII
First of all, let's start with PII. What is it? PII is a person's name combined with a social security or financial account number. The definition may actually differ depending on the laws of the state you live in. Some states define PII to
include a username, email address, or a
“unique identifier” when combined with a password,
security question and answer, or an “access code” that would permit access to
an online account. For Canadian citizens, business email addresses are considered private information. And for those in the European Union, any non-public information that identifies an
individual is private, including an Internet Protocol
What is a data breach and what if I am a victim?
A data breach
occurs when PII is accessed or acquired without
authorization. Laws in forty-seven
states, Canada, the European Union and other countries provide for regulatory
action and can result in fines or civil law suits.
If you received notification that you are a victim of a data breach, make sure you read the notice carefully to find out what information was
breached and how. The notice will likely provide you with information
about how to check your credit statement, which you should do and continue to
do on a regular basis. Here are some other things to do if you've been a victim of data breach.
- Enroll in credit monitoring or purchase identity theft protection. If the company that breached your PII offers either of these, consider taking advantage of it. The
service may not prevent someone from stealing your identity, but it will help
you to catch any unwanted activity more quickly than you would on your own.
- Make sure you change your passwords on financial and other online accounts. This is
especially important for any account for which you received a breach
- Monitor your financial accounts frequently. Be diligent about this!
- Put a freeze on your credit. But before you do, make sure it’s
the right thing for you. A credit freeze will restrict access to your credit
report and prevent new accounts from being opened in your name. This might not be a good idea if you are
planning a large purchase in the near future, such as a home, car or
furniture. In addition, if you may be looking for a job that entails a background check or you think you might need to have
fast access to increased credit, a credit freeze may not be a good approach.
Consult the Federal Trade Commission website for information on credit freezes. See our tips section for more helpful resources.
What if you breach someone else's PII?
Do an inventory of what is on your personal
devices. Think about situations where you might have PII of someone else.
Do you volunteer as a coach or a classroom parent where you might collect personal information from team or class members? Do you have a side business selling jewelry, clothing or other supplies where you take credit card information for sales? Are you a member of a board where you are in possession of information about others? You may have personal information on your device, computer or in your possession about other people that you've never thought about before. If you do, you can be vulnerable to a data breach.
So what can you do? Prevention is always the best course of action.
- Secure your mobile device with strong authentication tools. Turn on two-factor authentication if it's available to you.
- Remove PII about other people from your devices.
- Securely store or shred physical information about others.
- Think before you act. Be wary of communications that require you to act immediately, offer something that sounds too good to be true or ask for personal information.
- Lock Down Your Login. Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device.
- Consider purchasing cyber insurance which can cover most or all of the costs of a personal, client
or business data breach. You can consult your insurance agent to find the right product