Get All Access for $5/mo

Ever Hear of Pii? What You Need to Know About Its Life Cycle in Business Pii means 'personally identifiable information.' It has nothing to do with the circumference of a circle.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

In high school you learned about pi, remember? Pi is the the ratio of a circle's circumference to its diameter, commonly approximated as 3.14159. All well and good. But now it's time to learn about pii.

Related: Microsoft Offers First Major Endorsement of New EU-U.S. Data Privacy Pact

PII stands for "personally identifiable information." And personally identifiable information can mean an assortment of things, such as name, address, social security number and biometric data, like voice and fingerprint identifiers.

As such, pII isn't always private information, but often it is sensitive. Think: passport number, health information and medical records -- all part of the concept of "privacy" you hear so much about, in terms of personal information and cyberspace. Companies, such as banks and health plans, which store private, personal information about people should allow those same people to determine how their pII is used or revealed.

And that brings up the matter of the pii life cycle. At birth, pii is rounded up and collected because the need exists for this data, for various small business transactions. At death, if you want to call it that, the cycle is finished: Pii data is no longer needed.

What are the in-between stages? After pii is gathered, it's stored and maintained in a computer system. It's ready for use -- the next stage of the life cycle. Along with that exists the need to share the pii, as in disclosure or transfer or even sales/marketing. In a business, when the pii is no longer needed, there are policies that determine when the time period for holding on to the data has expired.

As mentioned, pii is usually of a sensitive nature, though not always, and includes such items as email addresses and birthdates. A business' responsibility is to handle sensitive data with lots of TLC, keeping it protected from theft and private, based on the terms set forth by the business that collects it and the client who agreed to those terms.

In fact, businesses have a lot of heavy responsibility when it comes to handling pii:

  • Proper management of the entire life cycle
  • Protection of data, in offline form as well.
  • Prompt reporting of any violations of privacy

The end of the life cycle may be referred to as disposition. Proper disposition is a must. This entails thorough shredding of sensitive documents. It does not mean tossing out an old computer that still has its hard drive into a rubbish can (where dumpster divers can retrieve it, take out the hard drive and see what kind of juicy data is on it, like bank account numbers and social security numbers).

Businesses need to watch out: Punishment for privacy violation is no picnic and includes the possibility of criminal charges.

Related: Despite Social Media's Popularity, Most Americans Don't Want to Give Up Private Data

The Laws of Privacy

You've probably seen "HIPPA" and heard people say "Hippa." The abbreviation is actually HIPAA, short for the Health Insurance Portability and Accountability Act. This means that your mother's cardiologist isn't going to tell you what's going on with her heart unless your mother "puts you on her HIPAA."

Translation: She authorizes the doctor to share information. HIPAA also bars, for example, nurses telling a reporter why a movie star was treated in the emergency room. HIPAA further makes it possible for patients to access their own records.

Ever hear of COPPA? The Children's Online Privacy Protection Act requires that parental consent be obtained for websites that gather personal information on kids under the age of 13. Here is a brief rundown of other pii elements to be aware of:

  • The Privacy Act of 1974 is a primer for the gathering, use and sharing of personal data.
  • The Office of Management and Budget Mandate M-07-16 requires protection for pii in cyber and offline form.
  • The E-Government Act of 2002, titles II and III, makes it necessary for federal agencies to analyze the influence of privacy for systems that gather public data.
  • Policy Number HHS-OCIO-2008-0001.003: When suspicious things occur relating to pii, action must be taken, and that's where this policy comes in.
  • The National Institutes of Standards and Technology (NIST) Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Check out the information about privacy controls in Appendix J.

If you're unaware of these items, you need to start learning about them now. Security for privacy requires a very systematic, strategic approach on the part of businesses. And the advent of online data has only complicated matters, raising the bar for security and protection.

Related: Apple's Trio of 'Privacy Czars' Grapple With Internal Conflicts Over User Data

What do you still need to learn?

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Science & Technology

5 Rule-Bending AI Hacks to Make Your Mornings More Productive and Profitable

By 2025, AI will transform productivity by streamlining workflows and cutting costs. Major companies like Microsoft, Google, and OpenAI are leading the way, advancing AI into "Phase 3," where tools act as digital assistants. Discover 5 AI hacks to boost efficiency and redefine your daily routine.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Marketing

5 Critical Mistakes to Avoid When Giving a Presentation

Are you tired of enduring dull presentations? Over the years, I have compiled a list of common presentation mistakes and how to avoid them. Here are my top five tips.

Business News

Former Steve Jobs Intern Says This Is How He Would Have Approached AI

The former intern is now the CEO of AI and data company DataStax.

Science & Technology

5 Automation Strategies Every Small Business Should Follow

It's time we make IT automation work for us: streamline processes, boost efficiency and drive growth with the right tools and strategy.