As a business owner, you handle the personal data of your employees as well as your customers. By law, you are required to safeguard that information and ensure it is handled securely. In practice, however, it is often hard to know what counts as personal information.
The definition of personal data differs between jurisdictions, but it is generally any information that can identify an individual. The obvious examples are a person's name, email address, or phone number. It also covers data that can be linked back to an individual, such as date of birth, mother's maiden name, biometric data, passport and visa details, credit card numbers, and sensitive employment records (for example, performance ratings and disciplinary records).
The information must also make the person reasonably identifiable to others. If it is not practicable for someone holding the information to work out who it refers to, directly or indirectly, it is not treated as personal data. This is often referred to as the "practicability" test.
The final check is whether the information concerns a living individual. Records that relate only to a business, such as invoices, purchase orders, or other commercial documents, are not personal data in themselves, although a business document that names an individual contact still contains personal data about that person.
If sensitive personal information is lost, stolen, or disclosed without authorization, the consequences for the individuals and for your organization can be severe. Train employees on why safeguarding PII matters. Protect the information when it is not in use as well: lock or log off unattended workstations and securely dispose of paper records. Review the PII held in your systems regularly, and restrict access to the people who have a genuine business need for it.
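One practical way to carry out the regular review above is to scan stored records for common PII patterns so you know where it lives before deciding who needs access. The following Python script is an added example written for this page; it is not code from the original article. It looks for email addresses, phone numbers, and payment card numbers in a handful of constructed sample records (no real people), uses the Luhn checksum to tell a real card number apart from an ordinary reference number, and redacts every hit so the report itself does not re-expose the data. The regular expressions, the sample records, and the redaction rule are assumptions chosen for illustration, not a standard.

```python
"""Scan free-text records for common PII patterns (constructed example)."""
import re
from typing import List, Tuple

# Constructed sample records for this example; none refer to a real person.
SAMPLE_RECORDS = [
    "Order #4471: 3x widgets, net 30 days",
    "Contact: jane.doe@example.com, phone +1 415-555-0134",
    "Card on file: 4111 1111 1111 1111 exp 09/27",
    "Ref 1234 5678 9012 3456 (internal batch id)",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Phone numbers in a North American 3-3-4 layout, optionally with a country code.
PHONE_RE = re.compile(r"\+?\d{1,3}[\s-]?\(?\d{3}\)?[\s-]?\d{3}[\s-]?\d{4}\b")
# Runs of 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(number: str) -> bool:
    """Return True if the digits pass the Luhn checksum used by payment cards."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value: str, keep: int = 4) -> str:
    """Mask all but the last `keep` characters so the report does not leak PII."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan_record(text: str) -> List[Tuple[str, str]]:
    """Return (kind, redacted_value) pairs for each PII hit in one record."""
    findings = []
    for m in EMAIL_RE.finditer(text):
        findings.append(("email", redact(m.group())))
    for m in CARD_RE.finditer(text):
        # Digit runs that fail Luhn are treated as reference numbers, not cards.
        if luhn_valid(m.group()):
            findings.append(("card", redact(m.group())))
    for m in PHONE_RE.finditer(text):
        findings.append(("phone", redact(m.group())))
    return findings


def scan_records(records: List[str]) -> List[Tuple[int, str, str]]:
    """Scan every record and return (record_index, kind, redacted_value) triples."""
    results = []
    for idx, rec in enumerate(records):
        for kind, value in scan_record(rec):
            results.append((idx, kind, value))
    return results


if __name__ == "__main__":
    for idx, kind, value in scan_records(SAMPLE_RECORDS):
        print(f"record {idx}: {kind} -> {value}")
```

Run against the sample data, the scanner reports an email and a phone number in record 1 and a card number in record 2, while record 0 (a purely commercial order line) and record 3 (a 16-digit batch reference that fails the Luhn check) produce no findings. Pattern matching of this kind gives a starting inventory, not a complete one: names, dates of birth, and biometric data do not follow a fixed format and need other controls, such as tagging the fields that hold them at the point of collection.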