While GDPR compliance is straight-forward, the basis of compliance is understanding how to identify and protect PII and SPI.
Various federal and state consumer protection laws protect PII and sanction its unauthorized use; for instance, the Federal Trade Commission Act and the Privacy Act of 1974. Cybercriminals breach data systems to access PII, which is then sold to willing buyers in underground digital marketplaces. For example, in 2015, the IRS suffered a data breach leading to the theft of more than a hundred thousand taxpayers’ PII. Personally identifiable information is information that, when used alone or with other relevant data, can identify an individual.
But you’ll go even further when you’re able to keep track of the data your company collects, because understanding your data is the first step in understanding the privacy laws attached to it. Additionally, depending on location, sensitive information may comprise data collected from children. The latest GDPR regulations allow children 16 and older to consent to having their data processed on their own. Parental consent is required for children 13 to 15; children under 13 cannot, under any circumstances, provide consent themselves. Health information relates to past, present, and future health conditions or physical/mental health that is related to the provision of healthcare services or payment for those services.
According to the GDPR, a company can be fined up to 4% of its yearly revenue for data/privacy breaches or non-compliance. Eugene is the Director, Technology and Security of Sontiq, a TransUnion company. He oversees the architecture of the core technology platform for Sontiq. Eugene has over 20 years of experience in the areas of Information Technology and software engineering. Organizations must apply appropriate safeguards to protect the confidentiality of PII based on how they categorize PII by confidentiality impact level.
Later amendments regulate the use of healthcare identifiers and establish the obligations of entities that suffer a data breach. Multiple data protection laws have been adopted by various countries to create guidelines for companies that gather, store, and share the personal information of clients. Some of the basic principles outlined by these laws state that some sensitive information should not be collected except in extreme situations.