Protecting Personal Business Information

Personal business refers to the tasks or activities the individual or company manages on their own, such as managing finances, managing household chores or maintaining appointments. It could also mean starting and running your own small business based upon your talents, interests, and experience as a sole proprietor an individual.

While data privacy laws differ across countries and states but they generally have the same definitions of what constitutes personal information. The CCPA and Connecticut’s law for instance, define personal data as any information that is reasonably linkable to an identifiable person and is not restricted to de-identified data or information that is publicly accessible. The CCPA also contains a separate category for sensitive personal information that needs more protection than any other form of data.

It is crucial to determine where and how much data your company holds. The best method for doing this is to conduct an exhaustive inventory of all files, documents and folders, as well as storage devices. This should include all desktops, file cabinets laptops, mobile devices, laptops as well as flash drives, disks and digital copiers. Don’t forget to look for areas where sensitive information might be stored outside of your office. This is the case for employees’ homes as well as their computers at home that they work from.

PII that is sensitive needs to be secured both in transit and at rest and only for as long as is necessary to conduct business. This includes biometric information medical information that is covered by the Health Insurance Portability and Accountability Act (HIPAA) and unique identifiers such as passport or Social Security numbers and employee personnel records.