Now, before you rush to your physician begging for a prescription, PII stands for “personally identifiable information.” The National Institute of Standards and Technology (NIST) defines PII as:
“(A)ny information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
PII may as well be your digital DNA considering how much of it is stored, transmitted, reviewed and updated electronically. That, in itself, is a wonderful and convenient thing. But it’s a big problem when companies fail to meet today’s increasingly stringent compliance requirements. They risk paying fines, losing customers’ trust (not to mention their business), and in certain cases, imprisonment.
If you think issues of compliance only concern corporations, think again. A recent Ponemon Institute survey of U.S. small businesses revealed that more than half (55%) of respondents experienced a data breach – almost all involving electronic records. The study also found that 53% suffered more than one breach. The biggest reasons for the breaches were mistakes by employees or contract workers; laptops, smartphones and other storage devices that were lost or stolen; and procedural gaffes.
The vice president for specialty insurer Hartford Steam Boiler, which commissioned the Ponemon survey, explained the significance of those statistics. In an article for USA Today, Eric Cernak wrote:
“The results showed that small businesses have valuable information about customers or employees and light security often makes them easy targets for identity thieves.”
According to The Identity Theft Resource Center (ITRC), a breach is “an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.” Care to guess how many breaches in the United States have been reported this year (emphasis on “reported”)?
The ITRC, which updates its breach database daily and publishes the statistics each Tuesday, reports a tally of 589 breaches and 17,371,197 records exposed as of December 17. The ITRC sorts the breached organizations into five industry categories.
The fact that five categories exist should grab your attention. Healthcare is commonly associated with matters of compliance because of the Health Insurance Portability and Accountability Act (HIPAA), and the need to protect patient information. But this issue is clearly affecting several major industries.
The “2013 Identity Fraud Report” published by Javelin Strategy & Research says 1 in 4 consumers who received a data breach notification later dealt with identity fraud. Furthermore, consumers whose Social Security number was exposed in a data breach were “5 times more likely to be a fraud victim than an average consumer.”
It’s no wonder 6 in 10 U.S. respondents to a recent GFI survey said, if possible, they would remove from the Internet all personal information others could find about them. Of course, a more realistic approach is to control how that information is stored and transmitted, for example through automated mail archiving and electronic faxing.
In short, mail archiving enables companies to set and enforce data retention and storage policies. Emails and other documents are kept in their original state – and in a central, tamper-resistant store. Automatically archiving the email history minimizes legal risk when dealing with a compliance issue, e-discovery request or internal investigation. It also increases business efficiency by reducing storage on mail servers and endpoints.
Likewise, electronic faxing provides companies with a secure and paper-free method for sending, receiving and managing faxes – directly from the desktop. Messages are delivered straight to the recipient’s email inbox rather than to a shared fax tray, so private information is seen only by the intended individual – provided access to that mailbox is restricted to its owner and the messages are protected in transit.
As this GFI ebook on compliance says, with these solutions in place, “there is no risk that emails and faxes can be tampered with, deleted or accessed by third parties.”
What are you doing to ensure your business meets complex compliance requirements? Before you answer, understand that data breaches and regulatory agencies have something significant in common.
They don’t discriminate.