A PII compliance checklist for your organization
Personally identifiable information (PII) has become a buzzword thrown around in the compliance space. Most organizations know that PII must be protected, but lack an understanding of how this applies to their organization and the steps they need to take to remediate the volumes of sensitive information they hold on consumers.
Understanding what PII is
Generally speaking, PII is defined as information used to distinguish individuals from one another. While PII qualifications vary depending on the specific compliance laws and jurisdictions, examples of these typically include consumer name, birthdate, social security number, and workplace information, just to name a few. Organizations that collect, process, or store any types of PII are responsible for protecting this sensitive information and ensuring that it does not fall into the hands of cyber criminals.
As the incidence of data breaches reaches an all-time high and non-compliance penalties become more daunting, failure to maintain PII compliance is not only costly, but can permanently damage a company’s reputation. However, achieving compliance is near impossible if you do not know where this data lives in your organization and which regulations you are measuring PII against.
With a multitude of compliance regulations including GDPR, CCPA, CPRA, HIPAA, PDPA, and many others, understanding exactly which ones apply to your business is a critical first step. Because standards vary across these laws, the definition of PII will differ slightly from one to the next. For instance, GDPR and CCPA are similar, but not the same. The CCPA, with the addition of CPRA (going into effect in 2023), acts as the genesis for state-mandated U.S. compliance laws, and although it does borrow principles from the GDPR, the law distinguishes itself as a heavily consumer-oriented law, giving rights and privileges to individuals. On the other hand, organizations dealing with health-related information will have little use in measuring PII against the above regulations and instead will need a thorough understanding of HIPAA.
Once this is established, then organizations can take steps to make sure that PII is being protected under the applicable regulations. To gain a big picture understanding of where all this data resides across structured and unstructured sources, a PII scanning and discovery tool can be an indispensable resource to ensure your organization avoids liability and risk. Unlike manual approaches to discovering PII, these tools are able to scale and keep pace with the influx of data businesses handle and help them adapt to ever-changing global and regional compliance requirements.
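To make the discovery step concrete, the following is an added example (not Ground Labs' code and not how Enterprise Recon works) of the core idea behind a PII scanner: the same pattern detectors run over an unstructured source (a support ticket) and a structured source (a CSV export), each finding is tied back to where it lives (file, column, row), and the reported value is masked so the findings report does not itself become a new PII store. The sample inputs, the three regular expressions, and the SSN plausibility rule (area 000, 666 and 900-999, group 00 and serial 0000 are never issued) are constructed for this illustration.

```python
import csv
import io
import re

# Constructed sample inputs; none of these values belong to a real person.
UNSTRUCTURED_SAMPLE = (
    "Ticket #4471: customer Jane Doe (jane.doe@example.com) called about her\n"
    "account. She confirmed SSN 123-45-6789 and date of birth 07/14/1985.\n"
    "Internal ref 000-12-3456 is a placeholder id, not a real SSN.\n"
)

STRUCTURED_SAMPLE_CSV = (
    "customer_id,full_name,email,ssn,notes\n"
    "1001,John Smith,john.smith@example.org,321-65-4321,prefers email contact\n"
    "1002,Maria Garcia,maria@example.net,666-12-3456,SSN field holds a test value\n"
    '1003,Wei Chen,,,"DOB 02/29/2000 noted on intake form"\n'
)

# Detectors for three common PII types (assumed patterns, US-centric formats).
PATTERNS = {
    "ssn": re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "dob": re.compile(r"\b(0[1-9]|1[0-2])/(0[1-9]|[12]\d|3[01])/(19|20)\d{2}\b"),
}


def plausible_ssn(area, group, serial):
    """Reject SSN-shaped strings the SSA never issues, cutting false positives."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    if int(group) == 0 or int(serial) == 0:
        return False
    return True


def mask(value):
    """Keep only the last four characters so a report can be reviewed safely."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text, source):
    """Run every detector over free text and return located, masked findings."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            if kind == "ssn" and not plausible_ssn(*match.groups()):
                continue
            findings.append({"source": source, "kind": kind, "masked": mask(match.group(0))})
    return findings


def scan_csv(csv_text, source):
    """Scan each cell of a CSV so a finding points at a column and row, not just a file."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            location = f"{source}:{column}:row{row_no}"
            findings.extend(scan_text(value or "", location))
    return findings


def summarize(findings):
    """Count findings per PII type; this is what feeds a compliance inventory."""
    counts = {}
    for finding in findings:
        counts[finding["kind"]] = counts.get(finding["kind"], 0) + 1
    return counts


def run_report():
    """Scan both constructed sources and return the combined per-type counts."""
    findings = scan_text(UNSTRUCTURED_SAMPLE, "ticket.txt")
    findings += scan_csv(STRUCTURED_SAMPLE_CSV, "customers.csv")
    return findings, summarize(findings)


if __name__ == "__main__":
    all_findings, totals = run_report()
    for f in all_findings:
        print(f"{f['source']:<28} {f['kind']:<6} {f['masked']}")
    print("totals:", totals)
```

Two design points carry over to real scanners: a bare regex match is only a candidate, and a validity rule (here the SSN issuance ranges; for card numbers a Luhn check) is what keeps the findings list reviewable; and the report records the location and a masked value rather than the raw data, because a discovery run that copies every SSN it finds into a spreadsheet has just created one more place the data lives.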
PII Compliance checklist for your organization
After these foundational steps are complete, there are additional actions organizations will need to embrace to effectively secure PII. The following is a standard PII compliance checklist for your organization to follow. Of course, each organization and industry has its own unique needs, so this can be customized as desired.
- Develop policies and procedures to handle PII going forward, including a regular privacy risk assessment.
- Create privacy-specific safeguards like encryption so you can protect the confidentiality of the data.
- Minimize your collection of PII and only collect data that is necessary for performing business functions.
- Report any data breaches immediately, along with any PII that was compromised.
- Appoint a Data Protection Officer (DPO) who is responsible for enforcing compliance across the company.
Use Ground Labs for PI and PII Data Discovery and Compliance
While these are all helpful tips to keep in mind and reference as you take steps toward PII compliance, a data discovery tool will ensure that you have a holistic look at all of your data and stay on top of the ever-evolving compliance landscape. Use Enterprise Recon to learn exactly what PII data your company has stored, how it is being used, and most importantly, how it is being protected so that you can maintain compliance.
If you are ready to start your data discovery journey, book a demo with a data expert today.