The privacy of an individual, a business or even the safekeeping of a nation depends on the security of sensitive information. The Digital Age continues to bring growing data privacy concerns. Wherever and whenever personal data is stored and collected, if left unprotected, it is at high risk of loss, misuse, or unauthorized access.
Increased security concerns can be attributed to the ambiguous nature of a connected world. BYOD (bring your own device), mobile networks, and public IP addresses can provide unprotected environments when accessing sensitive data. Consumers are concerned about identity theft on a daily basis, and businesses and government entities are faced with protecting themselves against cyber threats and malicious attacks on multiple fronts, including from within their own organizations.
This leads to the necessity of understanding three things: what types of information need protection, what avenues provide access, and what laws are currently in place if a hack does occur. In keeping with the rule of three, three types of data (personally identifiable information, intellectual property, and financial information) are the three jewels in the data security crown.
Personally Identifiable Information (PII) – Data that could potentially identify a specific individual. This is any information that can be used to distinguish one person from another or that, when cross-referenced with other data sources, could re-identify a previously anonymous person. Sensitive PII is information that, when disclosed, could result in harm to the individual whose privacy has been breached. Sensitive PII should therefore be encrypted both in transit and at rest.
Sensitive PII includes:
- Biometric Information
- Medical Information
- License Number
- Birth Date
- Social Security Numbers, Citizen Visa Code, etc.
- Employee ID
Intellectual Property (IP) – Intellectual property generally refers to creations of the mind. In business, IP specifically covers sales and marketing plans, new product plans, notes associated with patentable inventions, customer and supplier information, and creative assets (logos, brand identity). Much of this information can be categorized as trade secrets, by which a business can obtain an economic advantage over competitors or customers. For this reason, it can be especially damaging when it falls into the wrong hands. IP is legally protected through Intellectual Property Rights.
Types of Intellectual Property Rights
- Industrial Design Rights
- Trademarks, etc.
Financial – Financial information is any information that can be unlawfully obtained during the offering or delivery of a financial product/service or the processing of a purchase. The economic loss can be great when leaks of financial information combined with non-sensitive and/or sensitive PII occur.
Types of Financial Information
- Credit Cards
- ACH Numbers
- Bank Account Information
- Loan Information
- Investment Information (Stock, Trade, 401K, etc.)
- Payroll Information
- Non-salary Information (expenses, pension, fringe benefits, etc.)
In over 80 countries, personally identifiable information is protected by information privacy laws that outline the limits of the collection and use of personally identifiable information by public and private entities. These laws usually require entities to give clear and unambiguous notice to the individual of the types of data being collected, the reason for collection, and the planned uses of the data. In consent-based legal frameworks, explicit consent of the individual is required as well. It is interesting to note that, rather than invoking a comprehensive framework, the United States has, in contrast, a patchwork of privacy legislation pertaining to different specific aspects of data privacy, relying on a mix of legislation, regulation, and self-regulation.
In order to self-regulate, one must understand how. Employing state-of-the-art security solutions is one of the first necessary steps to take in order to secure data anywhere and everywhere.