Praetorian Secure

Regulatory Compliance


Personally Identifiable Information (PII)


The escalation of security breaches involving Personally Identifiable Information (PII) has contributed to the loss of millions of records over the past few years. Personally Identifiable Information (PII), as used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person, or that can be combined with other sources to uniquely identify a single individual. By working with our clients to properly classify data, implement security controls, monitor and report suspicious network activity, and train staff, Praetorian Secure can help your organization meet the combination of laws, regulations, and other mandates that applies to it. To effectively protect PII, Praetorian Secure recommends that organizations implement a risk-based approach:

  • Organizations should identify all PII residing in their environment (databases, shared network drives, backup tapes, contractor sites)

      • Review current holdings of PII and ensure they are accurate, relevant, timely, and complete

      • Reduce PII holdings to the minimum necessary for proper performance of agency functions

      • Develop a schedule for periodic review of PII holdings

  • Organizations should categorize their PII by the PII confidentiality impact level

      • Consider identifiability, quantity, data field sensitivity, and context of use

      • Know your obligations: access enforcement, locating and protecting PII confidentiality, and implementing access control for mobile devices

  • Organizations should apply the appropriate safeguards for PII based on the PII confidentiality impact level

      • Develop comprehensive policies and procedures for protecting the confidentiality of PII

      • De-identify PII, schedule auditing events, and conduct training

      • Provide transmission confidentiality through encryption

  • Develop an incident response plan to handle breaches involving PII