Cyber Monday Sale! 50% Off All Access

Ever Hear of Pii? What You Need to Know About Its Life Cycle in Business Pii means 'personally identifiable information.' It has nothing to do with the circumference of a circle.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

In high school you learned about pi, remember? Pi is the the ratio of a circle's circumference to its diameter, commonly approximated as 3.14159. All well and good. But now it's time to learn about pii.

Related: Microsoft Offers First Major Endorsement of New EU-U.S. Data Privacy Pact

PII stands for "personally identifiable information." And personally identifiable information can mean an assortment of things, such as name, address, social security number and biometric data, like voice and fingerprint identifiers.

As such, pII isn't always private information, but often it is sensitive. Think: passport number, health information and medical records -- all part of the concept of "privacy" you hear so much about, in terms of personal information and cyberspace. Companies, such as banks and health plans, which store private, personal information about people should allow those same people to determine how their pII is used or revealed.

And that brings up the matter of the pii life cycle. At birth, pii is rounded up and collected because the need exists for this data, for various small business transactions. At death, if you want to call it that, the cycle is finished: Pii data is no longer needed.

What are the in-between stages? After pii is gathered, it's stored and maintained in a computer system. It's ready for use -- the next stage of the life cycle. Along with that exists the need to share the pii, as in disclosure or transfer or even sales/marketing. In a business, when the pii is no longer needed, there are policies that determine when the time period for holding on to the data has expired.

As mentioned, pii is usually of a sensitive nature, though not always, and includes such items as email addresses and birthdates. A business' responsibility is to handle sensitive data with lots of TLC, keeping it protected from theft and private, based on the terms set forth by the business that collects it and the client who agreed to those terms.

In fact, businesses have a lot of heavy responsibility when it comes to handling pii:

  • Proper management of the entire life cycle
  • Protection of data, in offline form as well.
  • Prompt reporting of any violations of privacy

The end of the life cycle may be referred to as disposition. Proper disposition is a must. This entails thorough shredding of sensitive documents. It does not mean tossing out an old computer that still has its hard drive into a rubbish can (where dumpster divers can retrieve it, take out the hard drive and see what kind of juicy data is on it, like bank account numbers and social security numbers).

Businesses need to watch out: Punishment for privacy violation is no picnic and includes the possibility of criminal charges.

Related: Despite Social Media's Popularity, Most Americans Don't Want to Give Up Private Data

The Laws of Privacy

You've probably seen "HIPPA" and heard people say "Hippa." The abbreviation is actually HIPAA, short for the Health Insurance Portability and Accountability Act. This means that your mother's cardiologist isn't going to tell you what's going on with her heart unless your mother "puts you on her HIPAA."

Translation: She authorizes the doctor to share information. HIPAA also bars, for example, nurses telling a reporter why a movie star was treated in the emergency room. HIPAA further makes it possible for patients to access their own records.

Ever hear of COPPA? The Children's Online Privacy Protection Act requires that parental consent be obtained for websites that gather personal information on kids under the age of 13. Here is a brief rundown of other pii elements to be aware of:

  • The Privacy Act of 1974 is a primer for the gathering, use and sharing of personal data.
  • The Office of Management and Budget Mandate M-07-16 requires protection for pii in cyber and offline form.
  • The E-Government Act of 2002, titles II and III, makes it necessary for federal agencies to analyze the influence of privacy for systems that gather public data.
  • Policy Number HHS-OCIO-2008-0001.003: When suspicious things occur relating to pii, action must be taken, and that's where this policy comes in.
  • The National Institutes of Standards and Technology (NIST) Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Check out the information about privacy controls in Appendix J.

If you're unaware of these items, you need to start learning about them now. Security for privacy requires a very systematic, strategic approach on the part of businesses. And the advent of online data has only complicated matters, raising the bar for security and protection.

Related: Apple's Trio of 'Privacy Czars' Grapple With Internal Conflicts Over User Data

What do you still need to learn?

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

There Are Certain Words That Will Break ChatGPT. I Tried Them — Here's What Happened.

ChatGPT appears to be unable to process requests that contain a few notable names.

Fundraising

'Elevator Pitch' Meltdown: Watch the Moment That Broke This Entrepreneur's Brain

On this episode of 'Entrepreneur Elevator Pitch,' an investor makes an offer that leaves a contestant speechless.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Leadership

Leadership vs. Management: How to Understand the Difference and 6 Ways to Bridge the Gap

Here are the key differences between leadership and management, highlighting their complementary roles and providing six strategies to develop managers into future leaders.

Business News

Tesla Cybertruck Factory Workers Reportedly Told 'You Do Not Need to Report to Work' for 3 Days This Week

According to a memo first viewed by Business Insider, Tesla factory workers in Austin were reportedly told to stay home Tuesday through Thursday.

Business Process

5 Powerful Ways to Streamline Your Work Processes with AI

The correct way to combine AI, automation, and human talent in the modern world by adopting a hybrid model. Learn the key steps businesses can take to successfully streamline operations and enhance performance using advanced technology.