Professional Documents
Culture Documents
SCTY310 Assignment 8.3
SCTY310 Assignment 8.3
Abstract
This paper will discuss personal identifiable information and what can be done to protect it.
Fischer, Halibozek and Walters (2012) state “Protection of personal identifiable information has
PROTECTING PERSONAL IDENTIFIABLE INFORMATION 2
become a high priority in recent years, with states and the federal government passing laws
requiring stringent protection of such information” (p.141). As part of a modern world where
technology has taken over much of our personal information, safeguarding it has become very
important and critical. Something as simple as our gender, date of birth or zip code can be used
by hackers and criminals to take advantage and cause harm. Even terrorists have begun to
exploit personal identifiable information seeing the advantages they pose and its ease of
obtainment. The importance of training and being aware of this threat has caused many changes
Personal Identifiable Information (PII) is any data that could potentially aid in the
PII as “The Office of Management and Budget (OMB) defines personally identifiable
information as:
their name, social security number, biometric records, etc. alone, or when combined with
individual, such as date and place of birth, mother’s maiden name, etc.
The article selected highlights the importance of PII how it is prime for hacking as well as how
to protect it. Protection of PII affects us all alike whether you are an employee, student, patient,
client, or employer. Chapa (2016) states “the U.S. Government Accountability Office (GAO)
added protecting the privacy of PII to its list of high-risk issues affecting organizations across the
country.” This is due to one of many reasons among them, the increase of cases related to stolen
identity. Additionally, terrorist have begun to exploit the internet and social media, hacking
accounts and obtaining PII of possible targets. Due to these growing threats how to protect PII is
Discussion
When PII is leaked, its consequences can affect individuals and companies very
adversely. According to Chapa (2016) “All organizations, from large federal agencies to
universities, hospitals, and small businesses, store PII about their employees, clients, members,
or contractors.” These data breaches can often lead to legal action by either party causing
damages, costs and sometimes bad reputation, which is even harder to recover from. Chapa
(2016) also mentions that “According to research by the GAO, 87 percent of Americans can be
uniquely identified using only three common types of information: gender, date of birth, and ZIP
code.” This is very alarming as obtaining those three common types of information can be found
PROTECTING PERSONAL IDENTIFIABLE INFORMATION 4
on a number of things such as account bills, email, etc. Most recently, Islamic state terrorists
obtained the names of dozens of US government employees and published a list geared to drive
When it comes to protecting PII, various steps can be taken by individuals and
organizations alike according to Angel Hueca, an information systems security officer with IT
consulting company VariQ (Chapa, 2016). One important aspect of cyber security and
protecting PII is training. Many individuals are oblivious to the threat that PII poses and for that
reason they do not think about the consequences they could face from sending information over
unprotected emails or social media accounts. Gauntt (2016) states “normal email is unencrypted
and easy to intercept online, so you should never email sensitive data like credit cards, bank
accounts, Social Security numbers and passwords.” By keeping sensitive information segregated
there can be additional firewalls installed for the protection of the content making it harder for
hackers and criminals. According to Chapa (2016) Hueca states that “segregating duties and
tightly controlling who has access to certain information can help and isolating potentially
sensitive information can prevent harmful leaks.” Also sensitive data should be encrypted and
accessible only by the use of organizationally issues electronic devices. In all types security
having multiple layers of protection is preferred as this strategy can help deter criminals, yet, in
the event that these layers fail, it is also important that individuals and organizations have a
Conclusion
The protection of PII can be a difficult task due to the changing environment and use of
the internet which is open to millions of users. Hackers often have at their disposal many tools
which can allow them to obtain your personal information leading to identity theft and other pain
PROTECTING PERSONAL IDENTIFIABLE INFORMATION 5
staking situations. Terrorist also have begun to understand the importance of PII having targeted
influence violent sympathizers. Awareness is crucial for employees in the work place and
individuals in general which is why training programs and response plans must be in place.
Safeguarding PII by encryption devices and passwords should be common sense in the digital
age. The use approved devices in the workplace for the transmit of this information needs to be
taken more seriously and controlling who has access to this information must be monitored.
References
Blake, A. (April 26, 2016). ISIS supporters circulate kill list of state dept employees. Retrieved
PROTECTING PERSONAL IDENTIFIABLE INFORMATION 6
from http://www.washingtontimes.com/news/2016/apr/26/islamic-state-supporters-
circulate-kill-list-state/
https://sm.asisonline.org/Pages/How-to-Protect-PII.aspx
Fischer, Robert; Halibozek, Edward; Walters, David (2012). Introduction to Security. Elsevier
Gaunt, W. (May 1, 2016). Keeping your business information safe. Retrieved from http://herald-
review.com/business/local/wendy-gauntt-keeping-your-business-information-
safe/article_4e38ea92-ba17-56ed-9a63-029f89657980.html
GSA Privacy Program. (n.d.). Rules and Policies - Protecting PII - Privacy Act. Retrieved from
http://www.gsa.gov/portal/content/104256