Personally Identifiable Information – Research Paper Example
Various agencies and organizations maintain information about individuals to facilitate identification. The information is mainly used to trace or distinguish the identity of individuals and/or organizations (Erika McCallister, 2010). The information retrieved and stored by agencies includes name, mother’s maiden name, telephone numbers, address information, asset information, biometric records and social security number. Some agencies may also need information that can be linked to a given individual, such as financial, medical, educational and employment information. The information listed above, among other items, is collectively referred to as personally identifying information.
Developments in information technology have led to personally identifying information being collected and stored by organizations and agencies. The importance of such information, and the potential threats facing its use, have directed more attention towards the capability of systems to uphold a high level of privacy while offering appropriate protection. Identifying information about individuals, and about liable organizations whose reputation is at stake, needs to be collected, stored and disclosed in accordance with privacy laws and principles (Erika McCallister, 2010). Organizations and agencies dealing with personally identifying information therefore need to uphold a high level of privacy by ensuring that reliable protection practices are in place to safeguard individuals and organizations against any damage caused by inappropriate dissemination of recorded information.
There are a number of factors that should be embraced by agencies dealing with confidential information about individuals and organizations. The personal data collected should be subject to the limits outlined by the law (Erika McCallister, 2010). For instance, data collection has to be fair and lawful, and has to take place after receiving consent from the data subject. Personal data needs to be complete, accurate and in line with the intended purpose of collection. In order to acquire consent from the data subject, the purposes need to be communicated no later than the collection date (Rosenbaum, 2015). The use of collected data should be limited to the intended purpose unless consent from the data subject has been received or the law allows it. Concerning security, personal data needs to be safeguarded against unauthorized access or loss, use, disclosure, modification and destruction.
An openness policy should be put in place covering practices, policies and developments regarding personal data. Organizations need to provide means of readily establishing the existence of personal information and the main purpose of its use, as well as the identity of the data controller (Rosenbaum, 2015). Also, as a matter of individual participation, individuals need to be given the right to confirm whether the data controller has correct personal data. With regard to the ethical issues involved in acquiring and protecting personal information, the data controller is accountable for complying with the stated factors that ensure privacy and appropriate use of personally identifying information.
Individuals need to be protected against breaches of confidentiality that lead to negative effects. Unless organizations and agencies adhere to the information technology ethics that govern the use of personal information, individuals are prone to negative effects resulting from the loss or inappropriate disclosure of that information. Individuals whose personally identifying information has been wrongly disclosed to the public are most likely to experience physical, social or financial damage. These negative effects are collectively referred to as harm. Harm to a data subject can take the form of identity theft, blackmail, discrimination, physical harm or emotional distress. Organizations face similar threats resulting from a breach of confidentiality. For instance, an organization will experience financial losses, administrative burdens, loss of public confidence and reputation, as well as legal liability.
There are three impact levels associated with the loss of confidentiality with respect to the use of personally identifiable information by agencies. The impact levels can be high, moderate or low (Harold E. Gottschalk, 2012). A low impact level is experienced by an individual if the loss results in limited adverse effects on his or her finances, operations or assets. A moderate impact level is experienced when the breach of confidentiality results in serious adverse effects. These impacts can take the form of reduced performance by the individual, significant damage to personal assets, significant financial loss and significant harm to an individual without loss of life. Lastly, inappropriate use of personally identifying information can result in severe adverse effects on an individual’s finances, operations and assets. Experiencing such losses confirms the existence of the third impact level as a result of breaching confidentiality. A high impact level therefore involves serious financial, social and physical losses, loss of livelihood as well as loss of life (Erika McCallister, 2010).
The impacts discussed above can be effectively avoided by both agencies and organizations holding personally identifiable information. There are two main measures that organizations ought to embrace in order to safeguard the personal information they collect. The first measure is procedure and policy creation. Organizations need to come up with appropriate policies outlining how personally identifying information is to be handled. The policies should include privacy laws and principles to safeguard personal data. They should explain how such data is collected, disclosed, shared and used, as well as the consequences of failing to observe privacy principles. The other measure involves conducting training, education and awareness programs aimed at giving members of staff the body of knowledge and skills needed to reinforce or change their behavior when handling personal information.
Erika McCallister, T. G. (2010). Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST Special Publication 800-122, 7-40.
Harold E. Gottschalk, J. M. (2012, August 23). System and methods for identifying compromised personally identifiable information on the internet. Retrieved July 4, 2015, from www.google.com: www.google.com/patents/US20120215758
Rosenbaum, M. H. (2015). Identifying Unethical Personally Identifiable Information (PII) Privacy Violations Committed by IS/IT Practitioners: A Comparison to Computing Moral Exemplars. Retrieved July 4, 2015, from www.nsuworks.nova.edu: www.nsuworks.nova.edu/gscis_etd/29/