Non-sensitive PII + Sensitive PII = Sensitive PII
Non-sensitive PII refers to any information that is publicly available. If any of this information is combined with sensitive PII, the combination becomes sensitive PII. Some examples of non-sensitive PII are:
- Work phone #
- Work fax #
- Work email address
- Work location
Sensitive PII is personally identifiable information that, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. It includes a person’s name in combination with any one of the following:
- Email Address
- Home telephone number
- Place of birth
- Date of birth
- Driver’s license number
- Mother’s maiden name
- Passport number
- Financial, medical, or criminal records
- Biometrics (such as DNA, iris scan, fingerprints)
- Financial/bank account numbers
- Personal or government account credit or debit card number
- Employment information, including ratings, disciplinary actions, performance elements and standards
Non-sensitive PII combined with sensitive PII = sensitive PII
Tips for handling PII:
Protect:
Everyone has the responsibility to protect “PII in any form (physical or electronic, sensitive or non-sensitive) from unauthorized disclosure, modification, or destruction in order to ensure its confidentiality, integrity, and availability.”
Destroy:
PII that is no longer needed should be destroyed in order to reduce risk to your organization (follow record retention schedules).
Disclosure:
Share sensitive personal information only with authorized individuals. If you have doubts about sharing sensitive data, consult with your supervisor or Privacy Manager.