Email & Privacy

posted Aug 18, 2010, 7:37 PM by Tom Pedersen   [ updated Feb 24, 2013, 5:47 AM ]
As promised to a few: thoughts and resources on protecting Personally Identifiable Information (PII). This little article should probably be classified as "Easiest" from a technical level-of-difficulty perspective, but was upgraded to "Intermediate" due to the complexities surrounding privacy policies and computer security implications. It is simply a starting point ...

Family, friends and associates know that I'm not wild about seeing important/private information (account #'s, Social Security #'s, detailed financial information, etc.) in email messages or attachments - email is simply too risky. Soooo, as a general rule of thumb: DON'T EMAIL PERSONALLY IDENTIFIABLE INFORMATION - simple as that! When forced to send snippets of confidential information, consider Data Masking Tools/Techniques (e.g. xxx-xxx-1234) or encrypting a sensitive report or document and including it as an attachment (e.g. an encrypted zip or pdf file).
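A sketch of the masking idea above, as an added example that is not part of the original post: it scans an email draft before sending and masks Social Security and card numbers down to their last four digits. The patterns, the Luhn check used to limit false positives on other long numbers, and the sample draft are assumptions made for illustration.

```python
import re

# Assumed formats: SSN as 3-2-4 digits; card numbers as 13-19 digits,
# optionally grouped with single spaces or dashes.
SSN_RE = re.compile(r"\b\d{3}[- ]\d{2}[- ]\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample draft (test values, not real data).
DRAFT = (
    "Hi, my SSN is 123-45-6789 and the card is 4111 1111 1111 1111.\n"
    "Order reference 1234567890123456 shipped today.\n"
)

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def keep_last4(text):
    """Replace every digit except the last four with 'x', keeping separators."""
    hide = sum(c.isdigit() for c in text) - 4
    out = []
    for c in text:
        hidden = c.isdigit() and hide > 0
        hide -= hidden
        out.append("x" if hidden else c)
    return "".join(out)

def mask_pii(body):
    """Return (masked_body, findings) for an outgoing message body."""
    findings = []
    def ssn(m):
        findings.append("ssn")
        return keep_last4(m.group(0))
    def card(m):
        if not luhn_ok(re.sub(r"\D", "", m.group(0))):
            return m.group(0)  # long number, but not a plausible card
        findings.append("card")
        return keep_last4(m.group(0))
    body = SSN_RE.sub(ssn, body)
    return CARD_RE.sub(card, body), findings

if __name__ == "__main__":
    print(*mask_pii(DRAFT), sep="\n")
```

A non-empty findings list is a cue to stop and reconsider whether the message should go by email at all; masking only limits what leaks if it does.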

Unfortunately, email/transport is simply the tip of the iceberg when it comes to protecting Personally Identifiable Information. Small businesses may benefit from an assessment of risks and internal practices. A somewhat recent publication from the National Institute of Standards and Technology (NIST) may provide a reasonable starting point. Download NIST Special Publication 800-122, "Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)". The guide is a 50-60 page PDF, but well written and packed full of useful links/resources.

Hope it helps