In the last couple years, the FBI has said the fastest growing crime in the United States is identity theft, and it predicts that this trend will continue. A recent report indicated that financial loss from identity theft has broken the trillion dollar mark.
The most common way to execute this crime is to find someone’s Personally Identifiable Information (PII). The National Institute of Standards Technology (NIST) defines PII as any information about an individual maintained by an agency, including: (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
Examples of PII include but are not limited to:
The degree of sensitivity within the PII classification varies greatly. For example, social security number versus first and last name. So as employees, if you have any doubt about the sharing of information, ask your manager or send an email to Datasecurity@detroitmi.gov.
PII is protected by federal legislation (strong laws but not very active), state legislation (very active) and sectorial or industry specific laws (numerous and strong). The March 2012 City of Detroit Security article will do an in-depth coverage of PII legislation.
From an e-commerce perspective, the collection of PII represents an efficient and important way for companies to provide goods and service transactions online. From a consumer perspective, the collection of PII allows Web surfers to customize their online experience as websites store their information to facilitate navigation and purchases. From a more nefarious standpoint, the collection of PII represents a prime target for identity thieves and others interested in obtaining the information for their financial benefit. The amount of personal identifying information collected in modern life is vast: transactional data is tracked, cell phones are monitored, Web surfing is recorded, and our moves in public are recorded by surveillance cameras. The small details that were once captured in dim memories or fading scraps of paper are now preserved forever in the digital minds of computers, vast databases with fertile fields of personal data.
Below are the Organization for Economic Co-operation and Development -- eight Privacy Principles they have become the de-facto standard when dealing with PII. It is the City of Detroit’s objective to adhere to these principles.
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means, and, where appropriate, with the knowledge or consent of the data subject.
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified except:
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
An individual should have the right:
A data controller should be accountable for complying with measures that affect the principles stated above.
With the constant threat of data breaches, increased use of “Big Data,” and the reliance on storing data externally, such as in a cloud, privacy has become a key objective of the Information Technology Services department
If you have any concerns please use:
Ken Jaworski: firstname.lastname@example.org (313) 224-1313
Terrence Sims: email@example.com (313) 224-3354
This will be a series of three articles covering PII. In March we will discuss Laws that cover PII and in April what you can do to protect PII.
Tags: no tags
2004-2014© City of Detroit ITS/Communications and Creative Services Division
For information about the City of Detroit’s Web site, email the Web editor