What is sensitive data and where does it live in collaboration?
Every organization handles some form of sensitive data, such as intellectual property, financial records, legal documents, and regulated information like payment card details, protected health information, and personally identifying information (PCI/PHI/PII).
The goal of sensitive data management is to identify and mitigate the risks associated with handling regulated data and discuss confidential business dealings in collaboration tools like Slack and Microsoft Teams. Any of this information, if leaked or exfiltrated, could harm the company's reputation, cost market share, or lead to lawsuits and regulatory action.
What is personally identifiable information (PII)?
Personally identifiable information (PII) is any information, that linked to a specific individual, used alone or with other relevant data, that can uncover their identity.
There are two types of identifiers – ones that contain direct identifiers, e.g. passport information or a unique customer number that can identify an individual uniquely, or indirect identifiers, so called quasi-identifiers, such as date of birth, that combined with other quasi-identifiers, e.g. zip code, could successfully reveal an individual’s identity.
Why is PII protection important?
PII can be compromised in different ways, and with just a few pieces of personal information, malicious actors can do great harm – some of the many possible scenarios would be creating false accounts in your name, racking up debt, or even falsifying a passport in your name, and stealing and selling your identity.
With business increasingly happening online, digital files can be easily hacked and accessed by cybercriminals, especially if your cyber protection is too lose. Without robust protection in place, and a PII protection policy, organizations and their customers are exposed to great risk.
One of the easy ways for cybercriminals to try and get a hold of PII is through email. With email as the primary means of communication, a lot can be at risk, if you’re not securing your environment well enough.
How to protect personal identity information (PII)
Mimecast's SaaS-based subscription service addresses all the challenges that financial services organizations face when protecting PII and other sensitive information contained in email. Leveraging a true cloud architecture, Mimecast solutions help to reduce the cost and complexity of protecting email while dramatically improving performance and enhancing security posture and compliance.
Mimecast solutions for protecting PII help:
- Protect against email-borne security threats. Mimecast not only stops spam and viruses but also mitigates spear-phishing, impersonation attacks, ransomware, a man in the browser attack and other sophisticated attacks.
- Improve email resiliency with 100% uptime. Mimecast Mailbox Continuity provides uninterrupted access to live and historic email and attachments – even during outages and attacks – using everyday tools like Outlook for Windows, mobile applications and the web.
- Simplify archiving and compliance. The Mimecast Cloud Archive serves as a central off-site repository for email, files and IM conversations, providing users with lightning-fast search capabilities and administrators with tools to simplify email retention policies, e-discovery and legal hold. Mimecast also makes it easier to manage PCI-DSS and FINRA compliance as well as SEC email retention requirements.
- Empower users. Mimecast gives your users tools for self-service security, archiving and continuity as well as capabilities for sending messages and sharing large files securely.
Protecting PII with Mimecast
Protecting PII (personally identifiable information) in email communications is a critical part of financial services compliance. Email has become the primary means of communication with colleagues, customers, vendors and partners, and organizations in financial services are obligated to implement secure and effective solutions for protecting PII.
This requirement is made more urgent by the fact that email is the #1 attack vector for hackers seeking to steal PII and other sensitive information. Financial services companies are vulnerable to a wide variety of sophisticated email-borne attacks that are designed to dupe users and to fool even the most discriminating employees. The job of protecting PII is made more complex by strict and evolving regulation, distributed workforces and complex IT environments.
Mimecast can help. With an all-in-one approach to email security, archiving and continuity, Mimecast provides cloud-based services for protecting PII, email systems and users while simplifying management of business email.
Benefits of protecting PII with Mimecast
With Mimecast, you can:
- Quickly rollout and scale solutions for protecting PII while reducing operational and capital costs, thanks to Mimecast's 100% cloud SaaS solution.
- Improve security and resilience for Microsoft Office 365, Microsoft Exchange and Google G Suite.
- Simplify email management with a single console for setting policies, reporting, troubleshooting and managing email security, archiving and continuity.
Learn more about protecting PII with Mimecast, and about Mimecast healthcare compliance solutions.
FAQs on PII Protection
What is considered PII or personally identifiable information?
Any information connected to a specific individual that can be used to uncover their identity is considered personally identifiable information (PII).
Examples for PII include –
- Full (Legal) Name
- Home Address
- Email Address
- Social Security Number
- Passport Number
- Driver's License Number
- Credit Card Numbers
- Date of Birth
- Telephone Number
- Owned Properties e.g. Vehicle Identification Number (VIN)
- Login Details
- Processor or Device Serial Number
- Media Access Control (MAC)
- Internet (IP) Address
- Device IDs
- Cookies
These are considered PII because they are static identifiers, that consistently link to a particular person or group of people. When combined with other pieces of information, they could successfully identify, trace, or locate a person or group of people.
Who is responsible for PII protection?
Both, individuals and organizations, are responsible for protecting personally identifiable information.
Individuals must be careful when sharing their personal information, and must make sure to follow cyber hygiene best practices.
On the other hand, organizations dealing with PII must implement strong security measures, establish data protection policies, and comply with relevant (local) regulations. Additionally, providing regular security awareness training to employees helps raise their awareness of cybersecurity threats, and educate them to stay vigilant in the digital space.
What are some of the common risks while dealing with PII data?
Dealing with PII carries a lot of risks, as it involves handling individual’s sensitive information.
What is PII compliance?
PII compliance refers to complying to data protection laws and regulations, that govern how PII is being handled, stored and used.
Common regulations include GDPR, HIPAA, CCPA, and PCI DSS.
