PII (Personally Identifiable Information) is any information that someone else can use to try and impersonate you or impact your life without your consent. Your personal PII data can be captured through interactions with companies, healthcare providers, banks, or anywhere that your identity needs to be verified. It is important that we, as a data community, not only think about protecting our own PII, but the PII of our customers, clients, and colleagues. It is not just about protecting your company from reputational, legal, or compliance risks; it is also about protecting each of us as individuals.
By now, most of us understand that there are an overwhelming amount of data leaks each year - from all different industries. It may just be an email address from that company over there, credentials from this company over here, and the cell phone or computer information from yet another company you did not even know had your information. Because we are in a time where we are trying to learn so much about prospective customers by using AI/ML modeling, the ease with which these programs can scrub the internet for all these leaks and form a little personal portfolio, would scare most people. Articles for light reading on the subject will be presented at the bottom.
There are several challenges with safeguarding personal information that fundamentally start with the need and requirement to positively identify a person to prevent impersonation. How meta is that? Systems thinking tells us that sometimes we try to plug a hole in one place and the pressure sprays out through another hole. The general rule of alleviating the pressure is to reduce the volume, so let us get into that.
The common data elements that most companies focus on are:
The first step is ALWAYS going to be to tokenize, obscure, remove, information from the general data community within your company. This can be done through processes, tools, permissions, or architecture. There are MANY articles and best practices out there already. The plan that I recommend in most scenarios is:
1. Get rid of all the information you do not need. Not only does that reduce financial and customer exposure risk, but it typically will also reduce data processing overhead and cost.If you are interested in more creative ways to reduce or eliminate the risk of PII, let Curate Insights know and we can create a custom solution for you. Ultimately, we hope that fellow dataticians will start taking on the responsibility to make sure we are headed in the right direction on a daily basis. Small minute corrections to our trajectory will have major impacts the further into the future we survive.