Understanding The Concept of Protecting Personal Information (PPI)
IFSM 201 6381 Concepts and Applications of Information Technology (2158)
University of Maryland University College
Understanding The Concept of Protecting Personal Information (PPI).
Personally Identifiable Information or PII is information that can be used to distinctively identify, contact, or locate an individual. PPI is sensitive information that is associated with a person. These information should be accessed only on a strict need-to-know basis and handled and stored with great care. Personally identifiable information is information that can be used to ...view middle of the document...
Record of all devices like computers, laptops, copiers, etc to find out where the company stores sensitive data. Companies must keep inventory of the information they have by type and location. Paying great attention to details in regards to every location that sensitive data may have been stored is very important.
Narrow Down: This has to do with storing only the PII information that the company needs. The use of social security number in case of employee’s identification or customer identification number all the time should be discouraged. Social Security numbers should only be used for lawful purposes, for example like reporting employee taxes. The usage of Social Security numbers unnecessarily must be discouraged. The publication of certain types of personally identifying information can be innocuous. For example, a person may voluntarily publish personally identifying information in a social network page. Examples of this include a person's full name, age, gender, city and state of residence, etc (Wilbanks, 2013, p. 1). Many people may not find this offensive.
However, the publication of other types of personally identifying information may be harmful. For example, the publication of a person's name, Social Security number, bank account number and a password to electronically access the bank account exposes the person to the risk of identity theft and monetary theft. Typically, people do not voluntarily publish this latter type of personally identifying information (Wilbanks, 2013, p. 2)
Padlock it: This is safeguarding and protecting the information that was kept. Storing of paper documents, external hard drives, flash drives, etc should be kept in a very secured location. Companies should limit access only to employees with a legitimate business need. Controlling who has the key to the safe, and the number of keys should be put into consideration.
Encryption of data should be encouraged. One must not store sensitive information on the computer that has internet, unless it is necessary for transaction purposes.
Securing the network is equally important. Any port on the network that is not being used...