Featured Research

from universities, journals, and other organizations

Guide To Protect People From Theft Of Personally Identifiable Information

Date:
January 14, 2009
Source:
National Institute of Standards and Technology
Summary:
A new draft guide on protecting personally identifiable information such as social-security and credit-card account numbers from unauthorized use and disclosure.

Thefts of personally identifiable information (PII), such as social security and credit card account numbers, are increasing dramatically. Adding to the difficulty of fighting this problem, organizations often disagree on what PII is, and how to protect it. Now, in a first-of-its-kind publication, the National Institute of Standards and Technology (NIST) has issued a draft guide on protecting PII from unauthorized use and disclosure.

“You can’t protect PII unless you can identify it,” says NIST’s Erika McCallister, a co-author of the new work. The new NIST publication provides practical guidelines for implementing a basic definition of PII established by the government’s Office and Management and Budget (OMB) in a 2007 memo: “information which can be used to distinguish or trace an individual’s identity” either all by itself—such as fingerprints, which are unique—or in combination with other information, such as date of birth, which can belong to multiple people but can be narrowed down to an individual in connection with other data.

Echoing former national security advisor McGeorge Bundy, who once stated, “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds,” McCallister and her co-authors observe that, “All PII is not created equal.” A telephone area code holds less specific information about an individual than a social security number, so “you don’t need to protect things the same way,” McCallister says.

The NIST team recommends tailoring safeguards to the level of risk involved in holding personal information. PII should be graded by “PII confidentiality impact level,” the degree of potential harm that could result from the PII if it is inappropriately revealed. For example, an organization might require appropriate training for all individuals who are granted access to PII, with special emphasis on moderate- and high-impact PII, and might restrict access to high-impact PII from mobile devices, such as laptops and cellphones, which are generally at greater risk of compromise than non-portable devices, such as desktop computers at the organization’s headquarters.

The publication also recommends basic actions that organizations should take: identify all the PII they maintain, minimize the amount of PII they collect to what is strictly necessary to accomplish their mission, and develop incident response plans to handle breaches of PII. Such plans would include elements such as determining when and how individuals should be notified, and whether to provide remedial services, such as credit monitoring, to affected individuals.

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)


Story Source:

The above story is based on materials provided by National Institute of Standards and Technology. Note: Materials may be edited for content and length.


Cite This Page:

National Institute of Standards and Technology. "Guide To Protect People From Theft Of Personally Identifiable Information." ScienceDaily. ScienceDaily, 14 January 2009. <www.sciencedaily.com/releases/2009/01/090113174619.htm>.
National Institute of Standards and Technology. (2009, January 14). Guide To Protect People From Theft Of Personally Identifiable Information. ScienceDaily. Retrieved October 20, 2014 from www.sciencedaily.com/releases/2009/01/090113174619.htm
National Institute of Standards and Technology. "Guide To Protect People From Theft Of Personally Identifiable Information." ScienceDaily. www.sciencedaily.com/releases/2009/01/090113174619.htm (accessed October 20, 2014).

Share This



More Computers & Math News

Monday, October 20, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Facebook Says The DEA's Fake Accounts Go Too Far

Facebook Says The DEA's Fake Accounts Go Too Far

Newsy (Oct. 19, 2014) Facebook says the DEA violated its Terms of Service and that such impersonations damage the integrity of the site. Video provided by Newsy
Powered by NewsLook.com
Court Ruling Means Kids' Online Activity Could Be On Parents

Court Ruling Means Kids' Online Activity Could Be On Parents

Newsy (Oct. 17, 2014) In a ruling attorneys for both sides agreed was a first of its kind, a Georgia appeals court said parents can be held liable for what kids put online. Video provided by Newsy
Powered by NewsLook.com
For Google, Even A $16.5 Billion Earnings Report Is A Miss

For Google, Even A $16.5 Billion Earnings Report Is A Miss

Newsy (Oct. 17, 2014) Analysts were expecting more, but Google’s ad growth slowed on the quarter and the company is spending more of its money. Video provided by Newsy
Powered by NewsLook.com
Obama Signs Cybersecurity Order, Wants Safer Payments

Obama Signs Cybersecurity Order, Wants Safer Payments

Reuters - US Online Video (Oct. 17, 2014) President Barack Obama announces details of a new executive order designed to make federal payments safer following recent massive data breaches. Rough Cut (no reporter narration). Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins