PII Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
51 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:02
Hello. Welcome to Cyber is Intermediate Data Security Course P II, all the instructor Dustin Perry.
00:08
In today's video, we're going to discuss what P II is and how it compares to personal data. Then we're going to go over something you may have heard of recently. And that's GDP are what's going to get started.
00:23
Personally identifiable information or P I, for short, is any data that could potentially be used to identify a particular person.
00:32
Examples of P. I include a full name, Social Security number,
00:37
driver's license number,
00:39
bank account numbers,
00:40
passport numbers and email addresses.
00:43
We often talk about P I I in the context of data breaches and identity theft.
00:48
If a company or organization suffers a data breach, a significance on concern is what p. I A. Data may have been exposed.
00:57
The personal data of the customers to do business or otherwise interact with the energy
01:02
exposed P. I can be sold on the dark Web and used to, and it's typically used to commit identity theft or, um,
01:10
otherwise put breach victims at risk. Not all data is created equal, though
01:17
first example of that your Social Security number.
01:19
This number is yours and yours alone. If someone steals your Social Security number, it's critically important to your identity.
01:26
But what about your name?
01:29
Typically, it's pretty likely that someone else could share your name. How Maney, Steve Smiths or Maria Garcias are there.
01:38
Your name is important, but without any other information, it's not likely that you could be identified with just your name.
01:45
But what if they combine your name with a email address or a hometown?
01:49
Now they're getting much closer to identifying you.
01:53
Before the days of the digital age, it was always important to keep yourself security card locked up, then never carry with you
02:00
if you did that, and only that your risk of having your identity stolen was pretty low.
02:05
But now welcome to the Internet age. The age of information and data always accessible your fingertips.
02:10
Your information is everywhere and whether you're aware of it or not,
02:15
how many websites have your email address?
02:20
How many websites had to register with your email address?
02:23
Most of these websites probably have your name as well.
02:27
What about any online shopping that you've done?
02:30
They probably have your shipping address and payment information
02:34
that with the combine information from some big breaches like Equifax,
02:39
your information or release, Some of it is probably already out there.
02:45
While P II is a commonly recognized term, there is another term that many people may be familiar with, and that's personal data.
02:53
The difference between P I and personal data can be explained by the following
02:58
personally identified or identifiable information, or P. I is a term used typically mainly within the United States of America.
03:07
Personal data is considered to be the European equivalent of P I. However, it doesn't completely correspond to the P I definite definition that's popular here in the US
03:19
The new you privacy law GDP or General Data Protection regulation defines personal data as the following
03:27
personal data means any information relating to an identified or identifiable natural person.
03:32
An identifiable natural person is one who can be identified directly or indirectly, in particular by reference
03:39
two unidentified or such as a main identification number, location, data,
03:44
online identifier or 21 or more factors specific to the physical fizz it
03:50
physiological, genetic, mental, economic, cultural or social identity of that natural person.
03:57
So one important note GDP are states that even Web cookies that are used to track you online can be considered personal data.
04:10
It's a little bit more about GDP. Are
04:13
companies that collect data on citizens in the European Union or the U
04:17
need to comply with strict new rules about protecting customer data?
04:23
The GDP are or General data protection Regulation sets a new standard for consumer rights regarding their data
04:30
being that it is so new. And like most laws, that leaves much to interpretation. It says that companies must provide a reasonable level of protection for personal data but does not define what constitutes reasonable.
04:45
This gives the GDP our governing body, a lot of leeway when it comes to assessing fines for data breaches and non compliance.
04:53
So what types of privacy data does GDP are protect,
04:58
and we kind of went over the definition in the previous slide. But I go. It protects basic identity information such as your name, address and the I D numbers. You may have
05:08
Web data as well. Includes location I P address cookie data and even or if i d. Tags,
05:15
health and genetic data,
05:15
biometric data,
05:17
racial or ethnic data,
05:20
political opinions and even sexual orientation.
05:25
any company that stores or processes personal information about you. Citizens within the EU states must comply with GDP are even if they do not have a business presence within the EU.
05:38
There is us but specific criteria for companies required to comply, and that includes any
05:46
presence in an EU country.
05:47
No presence in the U. But it processes personal data of European residents.
05:53
More than 200 employees,
05:56
fewer than 250 employees. But its data processing impacts the rights and freedoms of data subjects
06:02
is not occasional or include certain types of sensitive personal data.
06:06
That effectively means that
06:10
and covers pretty much all companies. There was a survey from PWC that showed that 92% of U. S companies consider a GDP are to be a top data protection priority.
06:26
So quick quiz Question.
06:28
What is the difference between P II and personal data?
06:32
Yeah, if we've talked about this this whole video, um, they're the really similar things, but they're things that can be used to identify a person.
06:41
P i I is typically used in mainly in United States, and personal data is considered to be the U equivalent of P. I
06:50
In today's video, we discussed P I or personally identifiable information.
06:56
We went over the differences between P I and personal data and we went into a little bit more GDP are.
Up Next