This website uses cookies to ensure you have the best experience. Learn more

Personally Identifiable Information (Pii) And Data Breaches

1564 words - 7 pages

Personally Identifiable Information (PII) and Data Breaches
By Stevie D. Diggs
University Maryland University College
IFSM201 Section 7974 Semester 1309

Personally Identifiable Information (PII) and Data Breaches
Knowing and training on personally identifiable information (PII) is important in today’s society. There has been research on data breaches and identity theft that links them both together. This is to help personnel have a clear understanding on the impact of what is at steak and an explanation of PII. Many businesses and organizations have different definition for PII because of the classification of data for each, and that is why understanding PII is important. Examples of ...view middle of the document...

A service member picture, SSN, along with full first, middle, and last name was accessible if the ID card was lost or stolen. PII is ―any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information (McCallister, 2010). This definition is based on an organization and the records they may hold. The United States Department of Labor has a similar definition but also further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors) (Doing Business With the Department of Labor -- Guidance on the Protection of Personal Identifiable Information). This data is personnel information that can be access via electronic or paper. How is unauthorized access to this data happening?
Data breaches have been increasing since the last decade involving PII. Verizon conducted research on security breaches that occurred in 2011 which had a negative impact on personnel. These breaches sometimes lead to actual identity thefts in which the PII is used to open financial accounts and make fraudulent purchases in the victims' names (Chalmers, 2013). The data retrieved from the breach is not always used by the hacker. Cyber criminals and data thieves
assign great value to PII, not because the information itself is valuable but because they can sell it or use it to gain access bank accounts and physical assets (Bucolo, 2013). Personnel are not the only ones affected by the breaches. Businesses are also impact by the breaches which occurred within their organization. As a result both the personnel and business is affected financially. “Data breaches are spiraling out of control, and companies like Sony, Citi and Epsilon are finding out just how expensive it is to not protect customer data properly,” stated Suni Munshani, CEO of Protegrity and author of the report (Murphy, 2009). Multiple reports have stated that if a proper policy was implemented along with adequate training, breaches could have been prevented.
Many of the articles stated that only those with the need to know should have access to certain data. One way to manage and limit access to certain data is by classifying the data. For a business they can use restricted, confidential, and public. Restricted would include personal data such as credit card and financial account number,...

Other Papers Like Personally Identifiable Information (Pii) and Data Breaches

Security Awareness Training Essay

622 words - 3 pages ), contractors, doctors, nurses, and anyone that has or could gain access to confidential information like partners and volunteers. Information like Personal Identifiable Information (PII), patient records, hospital financial information, staff payroll and personal records, to mention a few, must be protected against physical or electronic attacks. Making all personnel aware of potential threats, vulnerabilities, reporting security breaches and the

Ifsm201 Identity Theft Essay

946 words - 4 pages conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.” In essence anything can be used to

Riordan Security Assessment Week 5

3471 words - 14 pages social media sites. Company websites and online applications have to be coded to avoid buffer overflow and code injection attacks. Company databases should be encrypt any Personally Identifiable Information (PII), and more granular controls need to be enacted on the Access Control List (ACL). Local facility servers should be audited on a regular basis. All firewalls should run intrusion detection and traffic analysis software. References Dulaney, E. (2011). CompTIA, Security+, Study Guide 4th Edition. Indianapolis, IL: Wiley. Harris, S. (2010). ALL-in-One CISSP (5th ed.). New York, NY: McGraw Hill.

Private Sector-Public Sector Cybersecurity Issues

1682 words - 7 pages . Geolocation tools collect meta-data, which may include Personally Identifiable Information (PII). The lawmakers should ensure that PII and privacy is safeguarded (King, 2011). Dixon et al (2014) recommend the regulations below to protect the consumer. These recommendations address consumer scores, which are part of the meta-data collected from consumers: • Lawmakers should ensure all data is public, including how and where the data was collected

Business Intelligence

2246 words - 9 pages ISAS 640 9040 – Decision Support Systems and Expert Systems Dr. Ashraf Shirani Literature Review for Group 1 Group Members: Leslie Allen Joe Nimely Oluranti Odofin Gary Turner The topic for the research paper will be business intelligence, most specifically the impact on privacy. The data gathered through various business intelligence technologies, while it may not be personally identifiable information such as name and/or

External Environment and Government Policy

1330 words - 6 pages organization has some set of policies and processes to address them. Another major challenge for healthcare organizations is the responsibility to protect personally identifiable information for patients and employees. HIPAA requirements were designed to protect patient privacy, and severe penalties can be imposed if the rules are violated. That risk is on the rise as the number of data breaches in 2008 climbed almost 50 percent over 2007

Packet Sniffing Prevention

573 words - 3 pages .” • Track 2 data comprises only the credit/debit card’s numbers, expiration date and security code. • Names or other personally identifiable information like social security number or bank account numbers were revealed. • Ken Pappas, security strategist at Top Layer Networks, states the breaches occur as retailers fail to encrypt the card data at the point of the swipe. • Pappas stated companies don’t encrypt card number sent from cash registers until

“Economics of It Security Management”

2775 words - 12 pages not subject to many of the laws and regulations that compel larger businesses to self-report and even when companies are required by law, to report security breaches, anything that does not meet the legal threshold is likely to go unreported. Undetected losses also generate indirect costs: consumers become more wary of utilizing electronic payments after their data is compromised, whether or not they know the source, and business partners may

: It Security and Disaster Recovery Management

1012 words - 5 pages and survey data from alumni and other stakeholders were gathered to determine external factors potentially affecting each universities future. Numerous focus groups and forums along with board are held with campus-wide groups to gather input from internal constituents regarding capabilities and needs. As information is synthesized, alternatives analyzed, and preliminary conclusions developed, the committee or board validates these analyses with

Project Proposal: Migrating to the Cloud

694 words - 3 pages are hosted in the cloud, some of our backend applications and data processing I believe should not take place in the cloud unless we can verify a need for it to be hosted in the cloud. However I don’t support the need to move Personally Identifiable Information (PII) and sensitive information to the cloud yet as I am not fully convinced that any particular service provider is compliant with the needs of our business and the level of compliance

It Policy

2399 words - 10 pages tamper checking to validate all code within the system (Stamp). 3. Identity Theft with our member’s information This is another critical issue that both employees and clients should be well aware of. If both parties allow ease of access to their personally identifiable information (PII) this could allow an outsider into the network with lack of effort. Currently First Bank only holds onto information that is relevant for business purposes. I

Related Essays

Cis 500 Asgmt 2 Harnessing Information Management, The Data, And Infrastructure

1962 words - 8 pages Harnessing Information Management, the Data and Infrastructure CIS 500: Information Systems for Decision-Making Amazon’s success can be considered to be based on its’ ability of its’ Information Systems (IS) and Architecture to capture, analysis and manage information about its’ customers. Many organizations have the capability to do the same but without the same success, so why the difference? In a 2004 interview with Business Week’s

Identify The Goal Of The Company And Describe The Strategy That Was Adopted To Achieve It. Explain With Full Reference To Available Information And Data How Successful, Or Otherwise, This Strategy...

1408 words - 6 pages Identify the goal of the company and describe the strategy that was adopted to achieve it. Explain with full reference to available information and data how successful, or otherwise, this strategy turned out to be in practice. Company overview Bunge Company was found in 1818 by a German merchant, Johann Peter Bunge in Amsterdam, Holland. It was to merchandise grains and imports from the Dutch colonies. The company has since grown to become one

When Faced With Growth Essay

964 words - 4 pages Understanding The Concept of Protecting Personal Information (PPI) IFSM 201 6381 Concepts and Applications of Information Technology (2158) University of Maryland University College Understanding The Concept of Protecting Personal Information (PPI). Personally Identifiable Information or PII is information that can be used to distinctively identify, contact, or locate an individual. PPI

Ifsm301 Research Paper

506 words - 3 pages Understanding Impacts Ethics and Privacy. In The Refractive Thinker (pp. 81-102). Press. Hann, I.-H. H.-L.-Y. (2007). Overcoming Online Information Privacy Concerns: An Information-Processing Theory Approach . Journal of Management Information Systems, 13-42. McCallister, E. G. (2010). Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Gaithersburg: National Institute of Standards & Technology Special Publication