Best Practices in Protecting PII Data Essay example

Abstract I have decided to write a research paper on the importance of protecting personally identifiable information (PII) in Information Technology. PII is a critical, but often overlooked skill requirement for IT professionals. The subject of PII data is of vital importance to me since I work with PII data frequently and must be prepared to handle it correctly and ethically, less risk the violation of privacy law. In addition to satisfying the necessary requirements for a research paper, the intention of this paper are to provide: †¢ A thorough treatment regarding what PII data is and isn’t †¢ Define the best practices in handling PII data in the field †¢ Providing case studies and legal references that explore the issues of PII data†¦show more content†¦The reasons for this are varied. One of the major factors that prevent full federal protection is that states have broad ways of defining what is considered personally identifiable information. For instance, take a state like Connecticut: their state laws consider an â€Å"account number† as a personal identifier (Wright, 2009). Let’s say a church sponsored a bake sale and someone bought a cupcake from that church. If the church happened to log that sale with a unique number, say, S101, where ‘S† is the first initial of the buyer and the number is a one-up sales number, that church would then fall under the provisions of the Connecticut state law and may be required to protect that customer’s identity. Other states have varying definitions as to what PII is. The most robust PII protections in the country exist in the state of Californi a, making PII a protected right and allowing anyone that interacts with that data to appropriately protect and reasonably notify affected people of any potential security breaches (Wikipedia, n.d.). There exists many different definitions of PII and its applications and provisions are as vast as there are states in the union. Later, an example of aShow MoreRelatedAn Evaluation of Security Acts and Models Essay1672 Words   |  7 Pagesidentifiable information (PII). PII should always be protected via means of encryption and additional security measures not only when it is being transmitted across the internet, but also when it is being stored locally on a server. Many of these security and risk oriented rulings mandate the requirements of securing individuals’ personal information. Some of the acts and models even go as far as to designate how an organization must respond to and notify instances of persona data breaches. The aforementionedRead MoreElectronic Health Case Study714 Words   |  3 Pagesfacilities turning to electronic systems as a way to deal with personally identifiable information and to more efficiently run their practices, there can be opportunitie s for cyber thieves to hijack personal information. Luckily, the OIG has stepped in to identify where a majority of these cyber weaknesses frequently can be determined to be. Subject Line: Is YOUR Practice Safe From Cyber Criminals? Find Out What the OIG Thinks --------------------------------------------------------------------------------Read MoreStrategic Planning Process And Plan1555 Words   |  7 PagesStrategic Planning Process and Plan Harper College’s Information Technology (IT) Client Services department houses the Information Security group. This group does not gather most of its own data, so the leaders will need to gather metric information from other College areas. Harper College Mission and Vision The Harper College mission is â€Å"Harper College enriches its diverse communities by providing quality, affordable, and accessible education. Harper College, in collaboration with its partnersRead MoreThe Issue Of Data Security3261 Words   |  14 PagesAbstract: Data security has become a concern for every individual in our country. We hear about data loss from businesses like Target and University of Maryland at College Park and it is easy to wonder where the next security breach will be and whether it will affect us personally. This is intended as a look at the existing data security policies that receive the most public attention, Family Educational Rights and Privacy Act of 1974 (FERPA) (34 CFR) and Health Information Portability and AccountabilityRead MoreCase Study : Security Management And Ethics1205 Words   |  5 Pagesholistically about the organization’s security. A security program provides the framework for keeping the company at a desired security level by assessing the risks being faced, decision on how it is mitigated, and planning to keep the program and security practices up to date. According to Olavsrud, Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology againstRead MoreSecurity Practices Of Electronic Commerce Companies Should Follow1679 Words   |  7 Pagesoccurring. This paper attempts to provide a basic overview of security practices that electronic commerce companies should follow. The first category is building a secure network. There are necessary steps in how a company should approach access into their networks from the outside, from installation of a firewall system, to configuration, and even access control within the enterprise. The second category is data protection. Data must be kept secure not only when it is in transit, or in use, but alsoRead MoreSecurity Policy At The Alliance Group Essay1476 Words   |  6 Pagesuseful and effective company policies, standards, guidelines, procedures and best practices. †¢ Development and implementation of an ongoing, periodic awareness program for all employees company-wide †¢ Development of a risk assessment baseline to identify, analyze, and mitigate risks to the company’s information and the underlying systems supporting it. †¢ Development of an incident response plan that deals specifically data breaches or any information security incident. †¢ Implementation of differentRead MoreSecurity Policies And Control And Password Management Policies1295 Words   |  6 PagesStandardization/International Electrotechnical Commission (ISO/IEC) 27002 Information Technology Security Techniques Code of Practice for Information Security Management standards. These standards appear in the ISO/IEC 27000 series, the industry recognized best practices for development and management of an ISMS (pg. 68 of CISSP). To clarify, ISO 27002 Information Technology Security Techniques Code of Practice for Information Security Management module falls within the ISO 27000 Framework. Ultimately, HHI’s objectiveRead MoreEssay On Protected Health Information1777 Words   |  8 PagesProtected Health Information (PHI) is the combination of health information and personally identifiable information (PII). Health information encompasses information that is created or received by a covered entity via any medium—verbal, written, electroni cally or otherwise. This information includes the physical or mental health condition of an individual at any point in time. PII falls under the umbrella of health information since it has the potential to reveal an individuals personal identityRead MorePrivacy and Computer Technology1930 Words   |  8 Pagesand customers’ privacy interest. New technologies that has either unconsiously adopted or resourcefully applied privacy practices will continue to threaten personal privacy. Business will have to find ways to address this uneasiness. If companies remain complacent, underestimating the degree to which privacy matters to customers, harsh regulation may be waiting in the wings. The best way out is for businesses and customers to negotiate directly over where to draw the lines. (What is Privacy?)