What is PII? According to the United States Department of Labor, personally identifiable information, or PII, is information that either: identifies a specific individual (direct identification) or identifies individuals by their connection with data elements, such as gender, race, and other demographic information (indirect identification). There are different types of PII but the one businesses should be most familiar with is sensitive PII. Sensitive PII is typically private information such as:

• Social security numbers
• Medical records
• Financial information

Sensitive PII is typically taken from another agency or directly from the client. Due to the private nature of this information, precautions must be taken in order to protect it. Protecting PII at Your Firm Although most states have adopted a “reasonable protection” approach to PII protection, the definition of “reasonable” is constantly changing. As we have stated before, states employ this approach to avoid placing an unreasonable burden on law firms and other data holders. Due to this lighter burden, you will most likely be able to meet this requirement with basic encryption and password protection. These are two protective tools that you should already have at your firm, no matter the size of your budget. But, how protected are you with these “bare-bones” protections? Additionally, you may meet the requirements now, but that does not mean you will meet them tomorrow. Therefore, it is a good idea to enhance your security now, in order to avoid future problems. Begin by

• Regularly monitor your data and servers in order to detect unauthorized access
• Keep your firewall software up to date
• Educate your employees about PII protection in addition to your current security measures

Following these steps can help you avoid the harmful consequences, while giving both your employees and your client’s peace of mind. Check back to the Protexure Accountants Blog for more information about PII laws and regulations, and how to comply with these laws.