What is the preferred method for mailing sensitive PII externally?
Personally identifiable information (PII) is any data that can be used to identify a specific individual. Along with the more traditional types of PII—such as name, mailing address, email address, date of birth, Social Security number and phone number—the scope of what is considered PII has broadened to now include IP addresses, login IDs, personally identifiable financial information (PIFI) and even social media posts. This broad definition of PII creates security and privacy challenges that organizations collecting, processing and storing PII must consider. To help simplify it, PII can be broken down into two categories: sensitive and non-sensitive.
Understanding the Risk of Unsecured PII

Every single organization stores and uses PII, whether on its employees or its customers. Take, for example, a mortgage lending company. The company must collect and process PII in order to process loans. To collect that PII, its customers are likely sending it using multiple legacy methods—fax, FTP or email. Without encryption, these methods do not provide the data privacy, ownership and visibility needed to give customers a positive experience. What's more, they put the organization at risk of a breach and of not meeting compliance standards.

As organizations collect, process and store PII, they must also accept responsibility for protecting this sensitive data. After all, data breaches can occur at all levels of organizational sophistication—take for example the recent First American breach—but the impacts on the organization are often the same: breaches are costly, time-consuming and damaging.

Limiting your organization's risk of exposure to potential threats extends beyond protection against malicious attack, though. One careless employee can result in PII being shared with unauthorized recipients. Regardless of how the data is lost, the responsibility still falls on your organization's shoulders.

6 Steps to Start Securing PII Today

Because PII is so attractive to bad actors who can sell it on the black market for a pretty penny, it is imperative that no matter the manner in which your business uses it, you secure inbound PII at all times. Failure to do so leaves you exposed and at risk of attacks, heavy fines and loss of customer trust. Here are six practical steps you can take to begin securing inbound PII today:
Encrypting PII for Ultimate Security

For organizations that need to secure inbound PII, data-centric encryption is a crucial best practice for keeping it protected as it's shared within your organization and beyond. You will also need the right set of controls. For instance, if you take that same mortgage company example: having the ability to restrict access to fewer people over the lifetime of a loan application is necessary to ensure compliance with the upcoming CCPA.

Protecting PII isn't just about compliance though. By placing an emphasis on data security and privacy, you can facilitate improved customer experience and streamline communications while protecting their privacy. Not only does this help boost customer loyalty and trust, but it helps in future-proofing your tech investments against evolving requirements.

Virtru provides the data-centric protection that organizations need to secure inbound PII. With Virtru, implementing an encryption solution is simple and hassle-free, integrating directly with your existing applications and providing seamless protection. It's also easy to adopt, ensuring that the security will be fully implemented throughout your organization. Now, with the ability to embed the Virtru Data Protection Platform into your organization's custom applications, you can leverage industry-tested persistent encryption and access controls to secure inbound PII, all without any added burden for your Engineering team.

What is the proper method for emailing sensitive PII?

When emailing Sensitive PII outside of DHS, save it in a separate document and password-protect or encrypt it. Send the encrypted document as an email attachment and provide the password to the recipient in a separate email or by phone. [See the instructions in the Handbook for Safeguarding Sensitive PII.]
What is recommended for sharing a file containing PII with an external recipient?

Recipient external to EMU: Where possible, the file/document containing the PII should be password protected. The sender should send two emails to the recipient: one with the password protected file attached; the other with the password to be used to access the file. Do not send both items in a single email.
Can I send PII via email?

Is it safe to send PII via email? No, you should never send PII over email. However, if you must send PII over email, it needs to be encrypted and certain security protocols must be met to ensure that if it's intercepted, the PII won't be readable.
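One way to carry out the procedure described above (encrypt the document, attach only the encrypted file, pass the password separately), shown as an added example that is not part of the original page or of any agency's handbook. It assumes OpenSSL 1.1.1 or later; the function names and the file name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenSSL 1.1.1+.
# All function names are hypothetical.

# Print a random passphrase: 24 random bytes, base64-encoded (32 characters).
new_passphrase() {
    openssl rand -base64 24
}

# encrypt_pii <plaintext-file> <encrypted-file> <passphrase>
# AES-256-CBC with a PBKDF2-derived key. The passphrase is handed to openssl
# through the environment so it does not appear in the process argument list.
# Note: `openssl enc` in CBC mode gives confidentiality, not authenticated integrity.
encrypt_pii() {
    PII_PASS="$3" openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass env:PII_PASS
}

# decrypt_pii <encrypted-file> <output-file> <passphrase>
# What the recipient runs after receiving the passphrase by phone or separate email.
decrypt_pii() {
    PII_PASS="$3" openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:PII_PASS
}

# verify_pii <plaintext-file> <encrypted-file> <passphrase>
# Decrypt to a private temp file and compare with the original, so a corrupt
# attachment or mistyped passphrase is caught before anything is sent.
verify_pii() {
    check=$(mktemp) || return 1
    decrypt_pii "$2" "$check" "$3" 2>/dev/null && cmp -s "$1" "$check"
    status=$?
    rm -f "$check"
    return "$status"
}

# Usage (file name is a placeholder):
#   pw=$(new_passphrase)
#   encrypt_pii applicant.csv applicant.csv.enc "$pw" \
#       && verify_pii applicant.csv applicant.csv.enc "$pw"
```

Attach only the `.enc` file to the first message, and give the passphrase by phone or in a separate email so that the two never travel together.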
What is the proper procedure for sharing Polly Smith sensitive PII?

In this case, what is the proper procedure for sharing Polly Smith's Sensitive PII? A. Ask the employee for her identification and her reason for requesting Miss Smith's Sensitive PII.