Unit 3 Assignment Of Personal Information

PERSONALLY IDENTIFIABLE INFORMATION

Personal identifying information can be defined as any information that can be used to distinguish directly or indirectly, trace and link to a specific person irrespective of whether the information is the primary or in combination with other data (Sebastian, 2013). Breaches involving PII such as identity theft are hazardous both to individuals as well as to organizations. Disclosure of sensitive PII without the primary authority of the concerned party may lead to substantial damage, embarrassment, inconvenience or unjust treatment of an individual (Wisconsin. Dept. of Health and Social Services, 2010).

Personal identifying information includes (but is not limited to): driver’s license number, social security numbers, email and mobile phone addresses,

financial documents or documents bearing biometric identifiers. PII can also include other identifiers that could be used to contact a specific individual either physically or online by discerning their geographical location and state identification numbers. Personal identifying information can reveal sensitive information regarding an individual (Erika, 2010).

The evolution of the digital world, networking, growth in information technology and globalization runs on a platform of information collection and sharing in an expanding scale.

You can see that data can be pulled from users’ search history, browser history, online preferences, social and working connections, medical knowledge and all aspects of a persons’ life is gathered. The data can be shared with marketers, advertisers, researchers and government agencies. As such, the above habit raises eyebrows in regards to an infringement into the privacy rights of an individual (Daniel, 2009).

Advances in technology have eased the process though which government agencies can access PII and use this information to deter terrorism. However, it also poses a challenge in ensuring the protection of individual citizen’s right to privacy. It is with the same ease that the crime world can breach, steal, trade and misuse digitized or electronic PII to finance terrorism or other criminal activities (U S Congress, 2010). When protecting PII from ending up in unintended hands, or for unintended purposes, the agencies should utilize such collected information limited to the stated

purpose.

The above can be achieved by setting specific limits on the access and use of PII within these institutions and establishing formal legislature requiring external entities to make formal requests before sharing of PII with them. As part of protecting PII, it is recommended that anyone interested in gathering or maintaining a record of the information gets legal authority before collecting any PIIs. Individuals or institutions that collect PII should limit the use of sensitive PII to minimal necessity levels. The organizations should also minimize collection and retention of PII to whatever is strictly important in accomplishing the organizational mission and vision. Categorizing PII within an organization allows determination of confidentiality impact level since all PII is not created with equal importance. As such, this allows the application of safeguards by priority of PII and depending on each PII’s potentiality to harm.

Such access and use should be compatible with the legal authority given to PII. In order to prevent and reduce proliferation of PII, individuals need to formulate methods of protecting such information. Protecting PII against loss, unauthorized disclosure, destruction, use, modification is the primary responsibility of whoever collects such information. They are legally accountable to the use of such information to the specified purpose and openness on the ongoing information collection. As such, the individuals from whom the PII is obtained have a right to know of the collection of personal information, to access that information if need arises. They are also entitled to requesting amendments on such information and to challenging the denial of these rights.

In an effort to create awareness among members of the public, the government and any other data collector should establish mechanisms aimed at informing them of their privacy protection. It is important for organizations to conduct training to all its employees on protection of PII before granting them access to the systems to reduce the likelihood of from unauthorized access, use or disclosure. Organizations can also de-identify PII by removing enough PII ensuring that the remaining data cannot identify, distinguish or assist is tracing an individual. Setting control access lists within institutions enforces access restrictions protecting data from pilferage to unintended sources or to unwanted purpose.

As part of organizational policy, institutions may prohibit or strictly limit PII access though portable and mobile devices that are usually at higher breaching risk than non-portable devices. They can encrypt information before transferring it when need arises to protect the confidentiality of such information. Institutions and individuals should monitor and evaluate the unauthorized access to PII or breaches in confidentiality regarding PII to formulate measures intended to close the loopholes (Erika, 2010).