Questions tagged [pii]

37 questions
37
votes
6 answers

Is a standalone phone number considered Personally Identifiable Information?

Personally Identifiable Information (PII) is defined (the example below is from NIST) as (emphasis mine) Information that can be used to distinguish or trace an individual's identity, such as name, social security number, biometric records, …
WoJ
19
votes
2 answers

Is gender considered PII (Personally Identifiable Information) under the GDPR?

Since GDPR is shaking everything up at the minute I'm working on a few changes to our website/process. I work in eCommerce in UX (UK based) and support marketing teams with certain activities. My question is, does gender of an individual count as…
sclarke
5
votes
2 answers

Documentation for GDPR best practices for partially masking email addresses

I must give certain employees access to a report which contains email addresses. I would like to redact or partially mask these email addresses, but I am having trouble finding official guidance on how to properly mask email addresses so that they…
MeMyselfI
3
votes
2 answers

Encryption as bijective data masking function

Context: I'm building a data lake from scratch within a small team (3-6 data engineers). I want to mask PII data when copying data from prod to dev/test environments. I'm particularly interested in the case when ETL join, srk generation, deduplication…
VB_
3
votes
4 answers

Are employee or badge numbers PII?

We're looking at implementing an Identity Management/Lifecycle system. We're looking at aggregating all our authentication into this system. However, one area of concern is same-name employees, so we are implementing an employee number and badge…
Nathan Goings
3
votes
1 answer

How can I prove that I adhere to stated privacy policy? What audits are effective for voluntary compliance?

I have a website and mobile app that doesn't store data or PII. Suppose I'm not subject to any special privacy laws. How can I voluntarily submit myself to an audit to ensure that I'm acting true to my word? What regulations are recognized by…
makerofthings7
2
votes
0 answers

What are the main PII data brokers? (How do certain online companies get accurate age verification?)

A long time ago, I signed up for Apple Pay Cash. After a bit of using the service, I was asked to input my name and birthdate to continue using the service. At the time, I was underage. I input inaccurate information signifying I was 18+ to continue…
Mave
2
votes
1 answer

PII Data Masking rules - what's acceptable and what's not

Is there a security rule on correct masking for sensitive information? Let's say we want to use prod data in our UAT environment. We're thinking of creating a masking logic when we transfer prod data to UAT. Changing the fields would look something…
2
votes
2 answers

AWS KMS Getting Data Key using AWS Encryption SDK

I am exploring the AWS KMS as a vault for storing the encryption keys. Now I am trying to encrypt the database fields like email. So, issue whenever there is a read/write for email, I don't want to hit the AWS APIs (using SDK) to…
Ankit Bansal
2
votes
1 answer

Implications re security practices of full account access granted to third parties

I'm working with a company (say, Acme) that does some ongoing data collection and processing for me. The data in question is private but not all that sensitive. Part of Acme's service has password-protected access via the web, so Acme obviously…
Barney
2
votes
2 answers

What's the danger of an online resume (a CV)?

I was talking with someone about my resume, and on the subject of my posting it online they said, just be careful with PII ... for your own good :) My reaction to that is How bad can it be? -- and, What's the worst that could happen? That's more…
ChrisW
2
votes
1 answer

Information leakage through json response

I am testing a product survey website. As a response to getSurveyResults() call, the following details of all survey participants shall be displayed to all website users: Nick name, Location, Rating, Comments, Age. However, in results json, I could see…
Jaya
2
votes
2 answers

How can I encrypt messages sent over AWS PrivateLink?

I am working on a project where I need to send messages to a partner via AWS PrivateLink. Because these messages contain PII, the data needs to be secure. I have been unable to determine from internet searching whether data transmitted over…
Daniel
2
votes
1 answer

Secure, Portable Bookmarks

A constant bugbear is my bookmarks being synced to my Google accounts, meaning access to them outside that Google account requires various manual steps. So it got me thinking of a roll your own way to sync your bookmarks. Obviously this system…
TrickyDupes
1
vote
0 answers

How do I make sure the information I collect on a person does not constitute personal data/PII?

I'm building an application that may involve the storage of certain information pertaining to potentially millions of users of a popular social media platform for analytics purposes, making the obtaining of consent almost impractical (if not…
moonman239