TRAINING
DON’T BE TOMORROW’S HEADLINES…
WHY?
PII LOSS
It usually occurs in connection with one of the following:
• Breach of Security
• Most data breaches were due to malicious or criminal attacks
• Theft
• Postal
COST OF DATA BREACHES
• …rose by 10% from 2013 to 2014
• US $201 per RECORD
• Average total cost in 2014: $5.8 Million
• Costs included
• Notification
• Credit monitoring services
• Engaging forensic experts
• Audit Services
• Lost Business
WHAT IS PERSONALLY IDENTIFIABLE INFORMATION?
IN GENERAL
Official Sources
• US Office of Management and Budget (OMB) – Government Agencies
• US National Institute of Standards (NIST) – IT Source
• Maine State Attorney General – State Government
OMB EXAMPLES OF PII
• Sony: 100M accounts lost including credit and debit card data
• Heartland Payment Systems: 130M credit cards stolen
• Epsilon: World’s largest email marketing service provider is hacked, losing PII from hundreds of corporate customers:
• TiVo, JP Morgan, Ritz-Carlton, Marriott, Walgreens, LL Bean!
AND ON, AND ON…
SAFEGUARDS – PROTECTING PII
• Physical Safeguards
• Technical Safeguards
• Administrative Safeguards
PHYSICAL SAFEGUARDS
• Paper records should be stored in locked file cabinets
• Physical files are locked every night
• Access to interior building areas controlled
• All physical medium destroyed/shredded on-site
• Outgoing emails scanned for unencrypted PII – BLOCKED
• All portable hardware is encrypted
• Data Leak Prevention system blocks USB drives and CD-ROM access
• Limited “Cloud” Access
• Privacy policy in place
• Annual Security Awareness Training mandatory for all employees
• Review of access controls in all applications
WEAKEST LINK