Tag: sensitive data

Personally Identifiable Information (PII): What It Is and Why It Must Be Destroyed

July 9, 2019 at 5:30 pm by Paul Falcone

We’ve all heard of ‘Personally Identifiable Information’ (PII)—those pieces of information about ourselves that are unique to us, and therefore make us identifiable and distinguishable from others. Well-known PII includes data such as full name, social security number, driver’s license number, passport information, medical records, and financial account numbers.

Yet, there are other types of PII that we, as individuals and consumers, put out there about ourselves which we do not consider to be personally identifying. These pieces of information include email addresses and social media usernames, phone numbers, mailing addresses, and even religion. Then there’s quasi-identifiers that are also available in public sources like your race, zip code, gender and birth date, that when used with other relevant data can easily identify you, too.

PII

Moreover, we often underestimate the power of some of our PII when, in fact, this information provides access to many facets of everyday life including our ability to drive, receive health care, and make large purchases (like buying a home).

Sensitive & Non-Sensitive PII: The Difference

Personally identifiable information falls within one of two groups: sensitive and non-sensitive. While many experts tout that sensitive data is what should be protected and encrypted, non-sensitive data is just as important to safeguard against unauthorized access and theft.

The following, although by no means exhaustive, are lists of most of these types of data:

Sensitive PII:

• Full name
• Social Security Number (SSN)
• Driver’s license
• Passport information
• Passwords and PIN numbers
• Biometric information (e.g. fingerprints, iris and retina scan, DNA, facial recognition)
• Medical records (e.g. PHI, all data under HIPAA regulations)
• Financial information (e.g. bank accounts and loans, credit and debit card numbers)
• Employee personnel records and tax information (includes Employer Identification Number)
• Digital/Electronic account information (e.g. email addresses, internet account numbers, digital account passwords)
• School identification numbers and records
• Private phone numbers (especially cell phone numbers)
• Mailing and/or home address

Non-Sensitive PII:

• Zip code
• Race
• Gender
• Date of birth
• Place of birth
• Religion
• Ethnicity
• Sexual orientation
• IP addresses
• Cookies stored on a web browser
• Outside-of-home addresses (e.g. workplace)
• Business phone numbers and public personal phone numbers
• Employment-related information (e.g. job title and status)

The Pervasiveness of PII

Too many individuals overlook the sensitivity of their personal information, or don’t realize how they are interconnected and how easily they can be pieced together to form a unique identity. What’s more, people often use unprotected means to share their personal information with family and friends, such as through text and SMS message, email, social media, and other messenger apps.

Many people even allow their personal, sensitive data to be saved on their computers and other electronic devices and drives so as to provide convenience when accessing digital accounts and places where information is stored. A survey conducted by Experian reported that the average person stores three to four pieces of sensitive information online, and 25% of Americans share credit card and PIN numbers with family and friends.

The Importance of Proper Data and Drive Destruction

PII holds immense value to identify thieves who want to use your information for their personal gain. Criminals (including cybercriminals) therefore also find value in stealing this information, either for the use of financial gain through sale to an identity thief or for ransom payment directly from the victim. This is why it is imperative that you not only make sure all of your sensitive data and PII is secure and protected, but that the data is rendered unreadable and unable to be reconstructed from the drive, device, or material that it’s stored on when it’s no longer needed. Moreover, this end-of-life destruction needs to extend to the drive, device, and/or material on which the data is stored.

Landfills and trash and recycling centers are easy targets for someone to rummage through and find a device or material that potentially contains PII and that can be restored. For instance, it’s not enough to clear data from a laptop hard drive. To ensure the total destruction of sensitive data to the point that it cannot be reconstructed, both data and device must be destroyed by overwriting non-sensitive information with software or hardware to clear the data, and by degaussing the media and rendering the magnetic field permanently unusable or destroying the media by shredding, melting, pulverization, disintegration, or incineration.

Shredder Training is the Key to Maximizing the Performance and Life of your Destruction Equipment

July 11, 2017 at 1:59 pm by SEM

Shredders, disintegrators, briquettors, optical media destroyers, HDD/SSD shredders, HDD crushers and degaussers are critical components of your overall information security program. Keeping these systems in good working order is extremely important, and easy to do with proper user training.

Probably the biggest factor in the longevity of any equipment is tied to proper training in the operation, daily maintenance and preventative maintenance. Depending on your equipment and site there are programs that can train your people to operate, maintain and troubleshoot so you avoid problems and keep the equipment up and running well.

Training can be done at your site with your equipment during a scheduled PM call, on a specific scheduled visit to your site, or at a training facility where factory service reps will go over all aspects of operation, daily maintenance, preventative maintenance as well as, tips and tricks to get the most of your systems and avoid the pitfalls. At the beginning of the training there will be a Q & A to help identify the issues of greatest concern to the group. During the training all participants are encouraged to ask questions and will have the opportunity to get “hands on” so they thoroughly understand the material being taught. After the training and a final Q & A each participant will be given a certificate of completion designating which equipment they were trained on. This is a great way for users to add additional value to their skill sets and company capabilities.

The training can be specialized to cover any and all the issues you may be having with your specific equipment, and discuss in detail how to fix and mitigate these in the future.

Some of the things your users will learn from attending training:

Changing knives, clearing and preventing jams, servicing dust filters, proper lubrication, testing belt tension, aligning conveyor belts, swapping out shredder heads-(depending on equipment) among many others.

The goal is maximizing machine availability for the organization and imparting the skills to help users diagnose and recognize potential issues before they become bigger problems.

And investment in a proper training program will pay dividends in equipment up time and save your organization money in the long run.

Click here for more information on SEM’s Preventative Maintenance and Service plans or call 800-225-9293.