As I attend industry events, it is surprising how many times we hear questions like “what constitutes personal information that needs to be protected?” I recently sat down with Patrick Townsend, our Founder and CTO to discuss data privacy for the non-technical person.
When speaking about data privacy, the conversation often turns technical with common questions like “How do we implement encryption and encryption key management?” This time, we intentionally kept our conversation focused on data privacy topics that can be understood from a high-level.
I have created a series of blog posts from this conversation that will be posted in the next couple weeks. Hopefully this blog series will answer any questions that you might have. If you still have questions, feel free to send us an email.
What constitutes personal information that needs to be protected?
The first thing that everyone thinks of are credit cards numbers. We know that we don’t want our credit card numbers escaping into the wild and having to go through the process of replacing them. I think that by now, most people have experienced getting a call from their bank, being alerted to potential fraud, and going through the process of having to replace a card. So credit card numbers are obviously personal information that people need to protect.
There are also other things that I think are important – financial bank account numbers. We are all doing a little bit more now in terms of online banking. Those bank account numbers carry value and we need to be very careful about that. There are also some other items that tend to be used to commit financial fraud, such as social security numbers, driver’s license numbers, birthdate, etc. In fact, information like your passport number, military ID, or health ID – all of those are examples of information that you should try and protect and make sure you are not sending them around or leaving them in places that can be easily picked up.
Other things like maiden name or previous addresses are also important. Think about the types of questions your bank asks you when you give them a call. They are using that information to identify you and the fraudsters will use that information to impersonate you. These are all examples of sensitive information that we should be protecting. For people who are interested, the technical term for this type if information is Personally Identifiable Information or PII.
Stay tuned for our next installment in this series. Download our podcast “Data Privacy for the Non-Technical Person” to hear more of this conversation.