Cyber Security Awareness 002: Understanding PII (Personally Identifiable Information)

By -

PII (Personally Identifiable Information)

What is PII and what should I be aware of?

What is PII?

In terms of Cyber Security PII (Personally Identifiable Information) is any information associated with the target that could be used as potential leverage for an attack against that individual, an associate, or the company they work for as well as any clients and suppliers the business deals with.

Usually with an intent to gain further leverage or monetary value against that person/s and or
the company they work for and/or to use any clients and suppliers' details for onselling or further propagation.


Image by Vecteezy

In the EU the GDPR (General Data Protection Regulation) law was formed to make businesses and organisations accountable and give individuals more control and rights over their personal data.

In most other countries privacy laws about digital data and PII fall back to updates to traditional privacy laws.

The loose definition of PII in Australia is: 

’Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and

  2. whether the information or opinion is recorded in a material form or not.’

An example of some PII relating to Cyber Security is: 

Common examples of personal information

  1. Information about a person’s private or family life.

  • A person’s name, signature, home address, email address, telephone number, date of birth, medical records, bank account details and employment details will generally constitute personal information.

  1. Information about a person’s working habits and practices.

  • A person’s employment details, such as work address and contact details, salary, job title and work practices.

  • Certain business information — for example, information about a loan taken out by a sole trader to purchase tools for their business, or information about utility usage — may be personal information about the sole trader.


You can find regulatory details and resources in Australia through:
  1. Federal Register of Legislation
    • At the time of writing this, the current Act In force (latest version) is C2021C00452
  2. OAIC (Office of the Australian Information Commissioner) - What is Personal Information?
  3. ACCC (Australian Competition and Consumer Commission) - Be safe, be alert online
  4. Business  - Protect your customer's information

You should be aware of where the risks lie within your company

Here's a short list to get you started:

  1. What if any training is provided on PII to new and existing staff?
  2. Where and how is employee information stored?
  3. What Databases exist or could possibly exist holding PII and who manages them
  4. Any documentation left in a public area (such as reception and meeting rooms)
  5. What is your archiving and retention process for PII
  6. What is your Privacy Policy and how do you inform everyone about how you handle their information?


Comments

Post a Comment

Popular posts from this blog

Stay COVID Meeting Safe

By -
I've had a number of people asking me recently about using recently popularised Apps due to COVID-19 in personal situations. In my personal opinion, I would steer away from both Zoom and Houseparty in particular, use something that is tried and tested like Messenger , Hangouts , Facetime or WhatsApp and ensure they're up to date as the latter two have also had hacking issues in the past due to people not updating after identified security breaches. Both Apps are very popular at the moment and have had security and privacy concerns raised. Houseparty has been reviewed by security experts which have said: "it's probably safe". It has safe security options but it is up to the end-user to implement them correctly. Having said that if you read the fine print Houseparty uses your personal data and advertising as their income (nothing is free), there have been reports of users having their login details for Netflix and Spotify accounts compromised but these ar...
Read more

COVID-19 Coronavirus v Technology Path

By -
It's surprising what can instill business remodeling and push for changes in technology or an increase in an uptake. COVID-19 has had an extreme impact in our daily routines and has pushed towards a working from home in ways that would have taken years to become the norm.  Don't get me wrong we've been on our way there in the past few years with the developments onto cloud and SAAS solutions; on-line tools, integrations and deliveries; ICQ to Skype to a plethora of communication solutions. In the company I work for/with I've had to roll out a solution we've has available in a SAAS group but never pushed on as it was a convenience solution in place of face-to-face meetings primarily used for FIFO (fly-in-fly-out) clients that might have a limited schedule to communicate and not be in a convenient location. However now that COVID-19 had reared its head into the workplace it obviously creates a risk factor for a traditional face-to-face meeting which is quite likely to...
Read more