As a business owner, you handle personal information about your employees and customers. The law requires you to safeguard that information and to use it only for proper purposes. The difficulty is knowing what counts as personal information in the first place.
Keep in mind that the definition of personal data varies by country and jurisdiction. In general, it means any information that identifies an individual, or that can be linked to an individual and make them identifiable. Obvious examples are a person's name, email address or phone number, but the category also covers date of birth, mother's maiden name, government identifiers such as passport or visa numbers, biometric data, payment card details and sensitive employment records (for example performance ratings and disciplinary records).
A second consideration is whether the individual can actually be identified from the information. If it is not reasonably practicable for anyone to work out who the information is about, it is generally not treated as personal data. This is sometimes called the practicability test.
The final question is whether the information concerns a living person. Information that relates to the business rather than to a person, such as invoices, orders and other commercial documents, does not fall into this category.
If sensitive personal information is lost, stolen or otherwise disclosed without authorization, the damage can be severe. Train employees on why protecting sensitive PII matters. Protect information that is not in active use: lock unattended computers and securely dispose of paper records that are no longer needed. Finally, audit the PII stored in your systems regularly and restrict access to the people with a business need for it.
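One practical way to do that regular audit is to scan stored records for the common PII patterns the article lists and report what turns up. The script below is an added example written for this page, not something the article provides: it detects email addresses, phone numbers and payment card numbers in free-text fields, applies a Luhn checksum so that ordinary order or purchase-order numbers are not reported as cards, and masks every hit so the findings report itself does not become another copy of the data. The record set, field name and regular expressions are assumptions made for the demonstration; all names and numbers in the sample are constructed.

```python
"""Audit stored records for common categories of personal data.

Added example (not from the article): regex detectors for e-mail addresses,
phone numbers and payment-card numbers, with a Luhn checksum on card
candidates to cut false positives. The records below are constructed.
"""
import re
from typing import Callable, List, Tuple

# Constructed sample records: every name, address and number is made up.
SAMPLE_RECORDS = [
    {"id": 1, "notes": "Customer Jane Doe, jane.doe@example.com, call 555-010-1234"},
    {"id": 2, "notes": "Paid by card 4111 1111 1111 1111, exp 12/29"},
    {"id": 3, "notes": "Invoice #20240031 for 3 pallets, PO 1234 5678 9012 3456"},
    {"id": 4, "notes": "Server inventory: rack 12, no customer data"},
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# North-American style numbers, e.g. 555-010-1234 or (555) 010 1234.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")
# 13 to 19 digits with optional space/dash separators between them.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(number: str) -> bool:
    """True if the digits in `number` pass the Luhn checksum used by card issuers."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def digits_only(value: str) -> str:
    return "".join(c for c in value if c.isdigit())


def mask(value: str) -> str:
    """Keep only the last four characters so a findings report is safe to log."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


# (kind, pattern, validator, normaliser); cards run first so the phone detector
# never picks a 3-3-4 run of digits out of a card number.
DETECTORS: List[Tuple[str, re.Pattern, Callable[[str], bool], Callable[[str], str]]] = [
    ("card", CARD_RE, luhn_ok, digits_only),
    ("email", EMAIL_RE, lambda v: True, lambda v: v),
    ("phone", PHONE_RE, lambda v: True, digits_only),
]


def find_pii(text: str) -> List[Tuple[str, str]]:
    """Return (kind, masked_value) for each hit in `text`.

    Each accepted span is blanked with '#' before the next detector runs, so a
    value is reported once and never re-matched by a later, looser pattern.
    """
    findings: List[Tuple[str, str]] = []
    for kind, pattern, accept, normalise in DETECTORS:
        spans = [(m.start(), m.end(), m.group()) for m in pattern.finditer(text)]
        for start, end, value in spans:
            if not accept(value):
                continue
            findings.append((kind, mask(normalise(value))))
            text = text[:start] + "#" * (end - start) + text[end:]
    return findings


def scan_records(records, field: str = "notes") -> List[Tuple[int, str, str]]:
    """Report (record id, kind, masked value) for every PII hit in `field`."""
    report: List[Tuple[int, str, str]] = []
    for rec in records:
        for kind, masked in find_pii(rec[field]):
            report.append((rec["id"], kind, masked))
    return report


if __name__ == "__main__":
    for rec_id, kind, masked in scan_records(SAMPLE_RECORDS):
        print(f"record {rec_id}: {kind} {masked}")
```

Run against the constructed records, the scan reports an email and a phone number in record 1 and a card number in record 2, while the 16-digit purchase-order number in record 3 is rejected by the Luhn check and record 4 produces nothing. The same detector list can be pointed at database exports or file shares; the masking matters because an audit report that contains full card numbers or addresses would itself need the protections the article describes.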