Cyber Security Awareness 002: Understanding PII (Personally Identifiable Information)

PII (Personally Identifiable Information)

What is PII and what should I be aware of?

What is PII?

In terms of cyber security, PII (Personally Identifiable Information) is any information about a target that could be used as leverage in an attack against that individual, their associates, or the company they work for, including any clients and suppliers the business deals with.

The usual intent is to gain further leverage or monetary value from the person(s) and/or the company they work for, or to use clients' and suppliers' details for on-selling or to propagate the attack further.



In the EU, the GDPR (General Data Protection Regulation) was enacted to make businesses and organisations accountable for the personal data they hold and to give individuals more control and rights over that data.

In most other countries, the rules covering digital data and PII are amendments to pre-existing privacy laws rather than purpose-built regulations.

Australian law (the Privacy Act 1988) defines personal information broadly as:

'Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and

  2. whether the information or opinion is recorded in a material form or not.'

Examples of personal information relevant to cyber security (as listed by the OAIC):

Common examples of personal information

  1. Information about a person's private or family life.

  • A person's name, signature, home address, email address, telephone number, date of birth, medical records, bank account details and employment details will generally constitute personal information.

  2. Information about a person's working habits and practices.

  • A person's employment details, such as work address and contact details, salary, job title and work practices.

  • Certain business information, for example information about a loan taken out by a sole trader to purchase tools for their business, or information about utility usage, may be personal information about the sole trader.


You can find regulatory details and resources in Australia through:
  1. Federal Register of Legislation
    • At the time of writing, the current Act in force (latest compilation) is C2021C00452
  2. OAIC (Office of the Australian Information Commissioner) - What is Personal Information?
  3. ACCC (Australian Competition and Consumer Commission) - Be safe, be alert online
  4. Business - Protect your customer's information

You should be aware of where the risks lie within your company.

Here's a short list of questions to get you started:

  1. What training, if any, is provided on PII to new and existing staff?
  2. Where and how is employee information stored?
  3. What databases exist, or could exist, that hold PII, and who manages them?
  4. Is any documentation left in public areas (such as reception and meeting rooms)?
  5. What is your archiving and retention process for PII?
  6. What is your Privacy Policy, and how do you inform everyone about how you handle their information?

