Protecting Personal Business Information

The term “personal business” refers to the tasks or responsibilities a person or company handles on their own, for example, managing finances, handling household chores or keeping appointments. It can also mean creating and managing a business based on one’s own skills or interests, as an individual or sole proprietor.

While data privacy laws vary from country to country and state to state, they all have the same definitions of what constitutes personal information. The CCPA and Connecticut’s law, for example, describe personal data as any information that is linked or reasonably capable of being linked to an identifiable person and is not restricted to de-identified data or publicly accessible information. The CCPA also includes a section for sensitive personal data that needs more protection than other types of data.

It is essential to determine where your company holds data and how much of it there is. This can be done by conducting a thorough inventory of all documents, files, and storage devices. The inventory should include all file cabinets, desktops, laptops, mobile devices, flash drives, disks and digital copiers. Also, don’t forget to check places where sensitive information might be stored outside your office, such as employees’ homes, their work-from-home computers and other devices.

Sensitive PII should be encrypted both in transit and at rest and should only be kept for the time necessary for business purposes. This includes biometric information, medical information that is covered by the Health Insurance Portability and Accountability Act (HIPAA), unique identification numbers such as passport or Social Security numbers, and employee personnel records.