![]() For example, suppose a supplier’s sales rep gives you her out-of-hours telephone number and personal email address that isn’t on the corporate domain. So, if you keep a business contact database that includes the names, business addresses, and contact data related to the workplace, that isn’t counted as PII. One more vital point about PII is that the term only applies to people’s lives outside work. ![]() So, a PII scanning tool needs to include OCR and fingerprinting. In the data security sector, together, these scattered fields to identify a PII instance are called “ fingerprinting.” An effective PII scanner needs to determine the presence of these separate fields and spot their existence in approximate, though not adjacent, positions. Thus, when looking for PII data, you need to identify combinations of data fields. In any standard letter, the data fields that any thief would want are spread out throughout the text. This task requires optical character recognition (OCR). Such as the search utility on a Web page or in Windows Explorer. Unfortunately, images of documents are almost impossible to search with a standard scan. While database tables are goldmines for data thieves, files containing documents, images of documents and forms, and images can be handy. Several combinations of columns in this table are valuable, and each grouping can supply a different type of thief or con artist. The whole table gives a data thief a lot of data resale opportunities. As most online payment processors also expect an address and telephone number for verification, the credit card thief would need just about all of the columns from the table. First name, last name, and social security number would do it, as would first name, last name, and email address.Ĭredit card scammers would need at least the first name, last name, credit card number, CVV, and card expiry date to stand a chance of putting through a transaction online. However, this still isn’t enough to identify one person in the world. The first and last names together give a better target. A list of 400 instances of Dave and 300 cases of Jane doesn’t identify anyone. So, although that single field precisely identifies a person, it probably can’t be used effectively without more information.įirst name and last name individually do not constitute PII. However, most places that ask for a social security number for identity verification would also expect the person to provide a first and last name and possibly a date of birth. If a hacker broke into your database and had just enough time to select out one column of that table, which would it be? Depending on what type of scam the data would be used for, a Social Security Number or Email Address would be the best single field to steal. Imagine what a con artist could do with that information. To understand the concept of data that identifies a person, consider a database with a customer table. To be clear, collecting data in its totality can lead someone to find or impersonate a specific person. It isn’t sufficiently precise to say that PII identifies a person. Related post: What is PII Compliance? What is PII? You can read more about each of these options in the following sections. Teramind DLP A cloud-based user productivity tracking, insider threat detection, and DLP package that include eDiscovery.Endpoint agents for Windows, macOS, and Linux. Digital Guardian DLP A DLP delivered from the cloud and included data discovery and classification for PII.Available as a cloud service or as a virtual appliance. Endpoint Protector A PII scanner embedded in combined threat detection and data loss prevention package.ManageEngine Endpoint DLP Plus (FREE TRIAL) This on-premises software package discovers sensitive data and then manages data exfiltration channels to block its movement.This tool will track sensitive data and block or log its movement, while also blocking and deleting junk data. ManageEngine DataSecurity Plus EDITOR’S CHOICE A system auditing, compliance, and data loss protection package for Windows Server.Here is our list of the best PII scanning tools: The financial consequences of misuse or disclosure of PII can be disastrous. Generally, companies can only hold PII for specific purposes, and that data must be assumed to be accurate and kept confidential.įailure to follow the guidelines on proper usage of PII can result in a hefty fine, and those whose data you failed to protect can all sue your company. Legislation in many countries lays down specifications of what is considered to be an abuse of PII. It specifically relates to collections of data fields that can identify a private individual PII is P ersonally Identifiable Information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |