PII 101: AN FAQ
- Did your business lease photocopy machines for work and then return them without wiping other people’s personal data from the machine?
- Have you ever sent someone else’s personally identifiable information, including their name and address, or name and date of birth, or photograph, or driver’s license information or photograph to someone else over an end-to-end unencrypted system even if you were verifying identity?
- Did your security or surveillance team put up a printout of a watchlist with people’s information on the wall of your room or did your store distribute flyers with that information?
- Has your organization suffered a data breach, and did you make it a point to quickly inform everyone whose data was compromised that their data was compromised?
- Do you understand what encrypted email is, and know that most email systems are not encrypted? Or that just because you need a password to access it, it doesn’t make your system encrypted.
- Or, just because your email is encrypted and the person you’re sending to also has an encrypted email address, your system might not have end-to-end encryption because they’re connected by an unencrypted telecom or internet service provider?
- And did you know you shouldn’t do that in most states while sending PII — unless you had an agreement with that third-party provider specifically covering sending sensitive personal information?
- Did you know that 47 states, D.C. Puerto Rico, Guam and the U.S. Virgin Islands, and several federal agencies, including the FTC, SEC, and FCC have strong data breach laws to protect people’s identity from theft?
- And were you aware that even if you’re in New Mexico, which doesn’t have data breach laws, but are sending information to Wisconsin, which does, or sending it from Alabama to South Dakota (the other two states that don’t have specific laws) but over a server sitting in Pennsylvania or via an email service provider based in California, you have a problem?
If you’re in banking or the healthcare industry, you almost certainly have a bunch of stringent rules you’re supposed to follow when it comes to transmitting sensitive personal information. But in our experience, many other businesses in the United States, including in the casino, hotel, and retail sectors, are remarkably casual, or perhaps, unaware, about the sharing of PII data, whether on customers or on employees, and that information could cause serious financial, legal and reputational harm.
Matters are complicated by the fact that there are multiple jurisdictional and multi-agency laws you need to follow, and some of them can be confusing.
This FREE downloadable guide is intended to clear up that confusion, and explain the concept of personally identifiable information: What It Is. Why It Matters, And Why Not Knowing Everything About It And Not Taking All Reasonable Measures To Protect It, Could Land You And Your Organization In Big, Big Trouble.
The document covers the transmission of sensitive personal information data through different means, details why communication systems like email are inherently insecure and could leave you and your organization open to civil and criminal penalties — if PII is transmitted unencrypted, shared, stored or read on insecure devices — provide clarity on the statutes governing the viewing and sharing of consumer PII for businesses, including casinos, explain security breaches and the compliance requirements mandated by law, and provide examples of non-compliance and some of the penalties imposed for non-compliance and security breaches under state and federal laws, including the laws of Nevada.
Take a moment to register and have a read.