I’ve been involved with a surprising number of conversations of late talking about what PII consists of, and what you need to be aware of when protecting it. It’s easy to say that it’s social security numbers and credit card information. Those are the obvious choices.
If you’re building applications and/or protecting the data though, there truly are many other elements that are important. I don’t know if it’s the evolution of connected applications or social media or… what… but I do know that some previously ignored items are important.
Probably the most prevalent is the email address. Why? Because people use it all over the place to secure and log in to their phones, contact lists, email of course, and their systems on the desktop and other mobile devices. It’s become the starting point for your online identity in many cases. Clearly, this should be protected.
The password is another. But before you say "of course you protect the password!" – what I’m referring to is protecting it in the database. You need to be encrypting that information along with the other goodies. Why? Because so many people use the same password across systems. If attackers breach your system, you don’t want to be the source of information that gets them access to other systems. Encrypt that password.
Other elements are evolving as well, things like phone numbers and addresses. It’s interesting to see what’s included now, and think about what will be protected in the future. I have a sneaking suspicion that we’ll be looking at much more than just a few elements. In fact, I’d say that in the very near future, you really should start protecting all of it, particularly while at rest.
We’ve done a few shows on this on the site – just click on "Video" above and go to the Townsend Security item. There are some great starting points there.
In the meantime, what are you seeing? What types of things are you seeing become important that, perhaps very recently, weren’t as important? Drop me a note or comment below (swynk@sswug.org).