What is Personally Identifiable Information (PII)?
PII is any information that can be used to identify an individual. Definitions vary, but the following are most often considered PII:
- Email address
- Phone number
- Social security number
- Credit card information
- IP address
PII does not include information such as employment status, marital status, or gender. Your business can gather this information anonymously without linking it to PII.
What are Your Business Obligations in Protecting Personal Information?
Various laws require businesses to safely use, store, and collect PII. Failure to do so can result in fines and other sanctions. Depending on your industry, there are some specific laws to be aware of:
- Children’s Online Privacy Protection Act (COPPA): This law limits the collection and use of personal information from children under the age of 13.
- Gramm-Leach-Bliley (GLB): This law governs how financial institutions must handle, store, and process private financial information.
- Health Insurance Portability and Accountability Act (HIPAA): Most of us are at least familiar with HIPAA by name. Every time we go to a medical appointment, we are asked to sign a HIPAA release. A portion of the law (it does other things as well) obligates those who collect confidential health information to safeguard it to certain standards.
- Different states might also have state-specific laws governing the collection and protection of PII.
Even if your San Jose business is not related to healthcare or a financial institution, you are obligated to protect all PII. This includes the collection, storage, use, and dissemination of all PII.
There are steps that you can take to ensure you are protecting PII. These might include:
- Evaluate your business processes and methods to determine if you have PII and how you currently handle such information. This includes both information on employees and customer information you may collect.
- Identify which laws you might be subject to.
- If you collect information from customers (or the public), identify how you communicate your policies to them.
- Implement new policies for how to safeguard, store, process, disclose, and dispose of PII.