Personally Identifiable Information - Research Paper Example

Personally Identifiable Information Introduction In today’s world, Personal Identifiable Information (PII) has become sensitive data for the identity of any person. Therefore, training and knowledge of the PII is of unmeasurable vitality in today’s society. To sufficiently protect PII, one must comprehend what Personal Identifiable Information encompasses. PII is the type of information that distinguishes the identity of a person e.g. the social Security number of a person, home, age, office phone numbers etc. In the recent past, millions of consumers have had their identity compromised leading to lose or misuse of their Personal Identifiable Information. Personal Identifiable Information in Today’s age Information in the modern society is becoming easily available to many people. The internet in specific is one of the main sources through, which many people are obtaining information concerning other persons. Some of the search engines of the internet such as Google can provide important details of a person if well used. Therefore, the private sector as well as public sector should ensure that vital information of people is protected from being accessed by an unauthorized persons. In addition to search engines, social networks are playing a critical role in disclosing personal information, which can be used to for illegal acts. Thus, because of this, various governments and law making agencies have imposed various Acts and Laws in order to enhance Protecting Personal Information (PPI). Agency Roles and Responsibilities in PPI The legal and federal agencies have a mandate to protect sensitive information of people from unauthorized access. The Privacy Act (1974) was the first legislation created to oversee that personal information is safeguarded. The Act was established amidst rising concerns on the impact of computer databases on the private rights of individuals. The Act details how, what, or when the information is to be disclosed. The State, Federal and Local agencies shall collect information to help them conducting their businesses but should properly protect the data from the unauthorized intrusion. The U.S. Department of Commerce (DOC) in partnership with ‘National Institute of Standards and Technology (NIST)’ established Special Publication (SP) 800-122, which protects the PII existing in databases. ‘The National Institute of Standards and Technology’ proposes that agencies should establish safeguards to ensure proper handling of the information. In this regard therefore, organizations should enforce the following; creation of policies and procedures for PPI, conducting appropriate training of employees to reduce the disclosure of PII, development of the response plan to help handle the issue of breaches of the PII, Retention and Collection of the PII with the main objective of accomplishing mission and purpose of the business. Private and Public Roles and Responsibilities Both public and private sectors have a responsibility to safeguard sensitive information that relates to individuals. However, individuals also have a responsibility to protect information from outside interference. The increased number of identity thieves is attributed to the use of PII that is continuously being stolen. The Federal Trade Commission (FTC) reported that every year 9 million identities are stolen due the misuse of the PII. The identity thieves have increasingly taken advantage of the stolen PII to cause emotional and financial hardship on individuals, which has largely been attributed to inappropriate enforcement of laws. The Task Force was established by George Bush to provide a solution to the increased number of identity thieves of PII. Its main agenda was the establishment of the procedures and policies to ‘deter, prevent, protect and resolve identity theft’. The Task Force implemented a strategic plan to study the identity thief life cycle. The three stages of the strategic plan involved: the acquiring of personal information by the identity thieves, the misuse of the information by the identity thieves, and the completion of the crime by the identity thief and subsequently enjoying the benefits. Personally Identifiable Information (PII) and Data Breaches Data breaches/unethical uses of data have been on the increase in the recent past. Security breaches occur now and then, thereby causing danger to PII given its great vitality because it can be used to open the financial accounts of individuals or make falsified purchases using such information (Chalmers, 2013). Data thieves and the Cyber Criminals assign great importance to the PII because they can use the information to gain the physical assets and the bank accounts of victims (Bucolo, 2013). However, with proper training, breaches can be prevented. Suni Munshani (the Protegrity CEO & author of the report ) stated that, “Data breaches are spiraling out of control, and companies like Sony, Citi and Epsilon are finding out just how expensive it is to not protect customer data properly”, (Murphy, 2009). Classifying of data can help tremendously in limiting access to certain types of personal data such as Credit Card, and Financial account numbers, state ID numbers, health data, Social Security numbers, biometric data, and date of birth should be restricted (Chaney, 2009). Further, confidential data such as data on financial results (prior to release), strategic plans, marketing strategies, pricing and payroll, which can affect organizations negatively if disclosed to the unauthorized persons, should also be protected and restricted e.g. through periodical training to help reduce data breaches to PII. Ethical issues in the use of information technology The introduction of new technology has led to the creation of ethical dilemmas. Information technology increases the efficiency and speed of data transfer from one medium to another. However, introduction of new information technology calls for the need to balance the ethical and legal standards. Some of the ethical issues in the use of information technology include: Computer Crime: computer crimes have resulted to financial fraud, online harassment, theft, embezzlement, sabotage and virus infection, which compromises the smooth running of the businesses putting them in a disadvantageous position. Intellectual Property: Information technology has led to imitation or copying of ideas from other companies. Companies whose inventions are not protected are placed at the receiving end by those companies that can commercialize the product or service. Software Piracy: Software piracy leads to the violation of copyright agreements. It can be very costly leading to significant loses. However, big companies are not affected by this unethical practice of Information Technology. Job Displacement: The use of the information technology has led the creation of ethical dilemmas by forcing some organizations to cut on the number of workforce by forcing some them out of the organization, which is unethical. Conclusion PII is vital information that if mishandled or misused can lead to not only financial loss but also emotional burden to individuals who fall victims. Therefore, the public & private sectors have the responsibility to ensure PPI is safeguarded from intrusion from scrupulous individuals. The government should incorporate laws that should hold the government agencies accountable for the information they host to prevent unethical practices of the information system. References Bucolo. (2013). Is Risky Data Lurking In Your Business Systems? ISO & Agent, pp. 78-80 Chalmers. (2013). DATA BREACH CASELOAD: ABOUT TO BLOW? Litigation News, pp. 8-10. Chaney, C. (2009). Data on the Move. Internal Auditor. 23-25. Murphy. (2009). Get Serious About Security Training. U.S. Naval Institute Proceedings, p. 16. Read More