As a business, you deal with the personal information of your clients and staff. You are legally required to protect that data and ensure it is handled correctly. However, it can be difficult to know what is considered to be personal information.
It is important to note that the definition of personal data varies according to the jurisdiction and country. It generally refers to any information that can be used to identify an individual. This could include information such as the person’s email address or telephone number, but it also includes any other data which can be linked to an individual, thereby identifying them. Examples include their birth date, their mother’s maiden name, biometric data, information regarding visas and passports, credit card information, and other sensitive information regarding employment (e.g. performance ratings and records of disciplinary actions).
In addition, the information must be easily identifiable by other people. If it is difficult for other people to identify the information, it is not considered to be personal. This is known as the “practicability” test.
The final step in determining whether something is personal is to check whether it pertains to the life of a person. This excludes information that is business-related, such as invoices or orders.
If sensitive personal information is lost or stolen, or shared in any other way without authorization, it can be very detrimental. It is essential to educate employees on the importance of protecting sensitive PII. You should also take steps to protect the information when it is not being used, for example by logging off unattended computers and destroying paper documents. It is also crucial to regularly audit the PII stored in your system and limit access to only those who have a business need for it.