 5 Steps to Securing PII
    By Gary Palgon, VP of product management for nuBridges

Making the transition to protecting personally identifiable information (PII) is straightforward if you approach it systematically.

1. Classify the data — Identify all types of personal data your company collects and stores, and determine whether each type really needs to be collected and, if so, whether it needs to be stored. After culling the unnecessary data types, create a hierarchy separating the remaining data types into broad security categories: data everyone can see, data some people can see, and data very few people can see.

2. Find out where the data resides — Identify all points where the data enters your company, track how confidential consumer and employee information flows throughout your organization, and locate where all existing electronic and hard copy PII data resides. Software utilities that scour the network inside applications and databases can help find this information.

3. Remediate and secure the data — Many IT managers thought it would be easy to encrypt credit and debit card data to comply with PCI Data Security Standard (DSS). In reality, the challenge in remediating and securing the data has been the associated encryption key management, which involves maintaining the keys used by authorized employees to encrypt and decrypt the data wherever it resides throughout the organization. The same is true for encrypting PII. Look for a solution that provides enterprise-wide encryption key management.

4. Enable process and procedures — Securing PII also requires changes in policies and procedures. Because most breaches are internal and accidental, periodic employee education on security best practices is vital.

5. Ongoing security and continual maintenance — Security is an ongoing program of compliance. Continually monitor your electronic and physical security processes and procedures to maintain the level of security necessary to protect confidential information throughout your enterprise and with business partners.

Simply protecting payment card data is no longer enough. Retailers need to approach data protection more broadly, considering the rise of state breach notification laws and other industry mandates. By adopting general data security best practices, merchandisers can adequately guard all sensitive data entrusted to their organization, from customer credit card information to customer, employee and supplier PII.

---Source: Multichannel Merchant List & Data Strategies July 7, 2008 newsletter (www.multichannelmerchant.com).