Personal Identifiable Information Strategy: Governance of PII

Verified

Added on 2020/05/11

AI Summary

This report focuses on a Personal Identifiable Information (PII) strategy, emphasizing the governance of digital identities for users. It highlights the vulnerabilities of PII to cyber threats and data breaches, advocating for strong governance policies to protect sensitive information. The report details governance plans for various user groups, including My License Portal users, DAS users, contractors, and DAS staff, outlining strategies such as access control, secure data storage, employee training, encryption, system updates, and the implementation of robust security infrastructure. The report underscores the importance of these measures in mitigating risks, ensuring data integrity, and maintaining the confidentiality of user information. Finally, it provides a bibliography of related academic resources.

Running head: PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Personal Identifiable Information Strategy
Name of Student
Name of University

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
4. Governance of PII and digital identities for users of the portal
Personally identifiable information or PII is susceptible to several threats and risks. The cybercriminals and hackers mainly target the
sensitive information that is present in the cloud storage of the organization. They can misuse the data. The data might also be lost because of
their wrong activities. PII can be lost also because of lost hard drives, equipment as good documents along with cyber attacks. If PII is stolen or
lost then it can cause financial loss and also harm the reputation of the organization. A data breach can harm the organization in several ways.
Therefore, it can be said that it is essential to develop strong governance policies in the organization for protecting the personally identifiable
information of the users. The governance of PII is a complex process and must be well planned and implemented. PII governance forms an
essential and integral part of managing PII as well as digital identities. This also helps in social progress as well as economic development. PII
foundation forms the basis for a secure organization as well as a cloud platform. The digital identity of the organization can be made effective by
implementing strong governance policy for protecting the PII. Initially, the PII dealt with the telephone numbers of the people. With the growth
of technology, people are able to access and process data at a faster speed. This has also led to the increase in loss of data and therefore the
personally identifiable information is subjected to various risks and threats. The data loss can be divided into two categories called intentional
and unintentional data loss. Accidental loss of data is not much harmful because there are no malicious intentions behind such loss. The data loss
can be caused due to the carelessness of the employees and some kind of errors that are made by the employees. These employees do not have
any wrong intention to harm the organization. Lack of strong security policies can also cause accidental loss of data. The other type of threat is
the deliberate threat that can harm the organization in a severe manner. The exposure of this risk is high because there are malicious intentions

2
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
behind such attacks. These attacks can be either external or internal. PII can contain sensitive information like name, address, phone numbers
and financial details of the user. It can also contain health-related information and payroll information of the employees of the organization.
Preventive measures must be taken in order to protect these valuable data from any types of attacks. There can be malware attacks like virus
attacks, worms, phishing attacks and Trojan horse attacks as well. Spyware can enter the system and quietly steal data from the system. Data
must be protected in a proper manner in order to protect the reputation of the company as well as the sensitive data of the users. Therefore, a
proper strategy must be implemented for the governance of PII and for protecting the digital identity of users of My License portal. The
governance plan is discussed below.
4.1. PII and digital identities for the users of My license Portal
1. The users need to have proper knowledge regarding storage of the data. They must be aware of all the various types of security threats and
risks that can harm the sensitive information. Proper knowledge about the importance of security measures forms the basic step for forming the
governance plan of PII. Proper track of the data record of the users is important. Proper access control strategies must be developed that will
allow specific users to access specific information. Access control can be considered to be a key feature for protecting the PII. Every user will
not be able to access all the available users. This access control mechanism will allow protecting the information from any unauthorized access
of data. Unauthorized access can harm the integrity as well as confidentiality of the information. Implementing strong access control policies
will help to protect PII of the users in an effective manner.

3
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
2. Another effective governance plan will be to create effective policies for secure storage, access, retrieval as well as transmission of data.
Keeping proper track of the data helps to handle data in an efficient as well as effective manner. This will help to develop an important strategy
for protecting PII. Proper track record of the data that is received or transmitted must be maintained so that it is easy to identify any type of
discrepancy in the transmission of data. Therefore, it can be said that proper handling as well as maintaining proper track record of information
is important for developing an effective governance plan.
3. The users must be trained so that they are able to handle the documents of digital identity in an effective manner. Imparting proper education
to the users will help to develop a strong strategy for the governance of PII. The users must be aware of the various privacy issues and it will be
help in protecting the PII from any type data breach and data loss. Imparting proper training to the users and employees will promote effective
handling of data ensuring high level security of PII.
4.2. Personal and PII data for DAS users of the HR personnel Management Suite
1. The PII of DAS users is vulnerable to several threats and attacks. The risk exposure is high for all the data and documents that are stored in the
cloud. An effective preventive measure is to apply encryption algorithms for encrypting the sensitive information. Encryption algorithm
translates the plain texts into ciphertexts to protect it from any unauthorized access. Encryption can be considered to be a strategy for the
governance of PII of DAS users.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
2. Poor configuration or misconfiguration of system can lead to major loss of information. The systems and applications must be updated on a
regular basis to avoid such issues. The data governance plan should focus on monitoring the system versions and updates.
3. Designing effective and advanced security infrastructure for the DAS can be considered to be a risk mitigation strategy of the organization.
The governance of PII must include the development of strong security infrastructure for the purpose of preventing any attack. Well, designed
security architectures will help the organization to fight against any attacks. Organizations will be able to prevent virus attacks, phishing attacks
and other malware attacks.
4.3. Personal and PII data for Contractors
The governance plan or strategy for contractors is discussed below.
1. The contractors should have a license and they must also meet the needs and requirements of the DAS. One main strategy of mitigating risk is
to hire licensed contractors. The governance plan must include this strategy because the licensed contractors have proper knowledge regarding
privacy issues and risks and they will know how to protect the data that is stored in the cloud storage space.
2. The management suite of the contractor must include an option for automatically updating the firewalls of the system. The operating system
needs to be updated and original. Automatic update, as well as essential security policies, will help to enable an effective governance plan of PII.
An advanced version of operating systems will help to protect the data from any external as well as internal attacks. Older versions of

5
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
applications and operating systems are vulnerable to various attacks. The contractor management suite must include this auto-update feature in
order to promote an effective governance plan.
3. Trained contractors must be selected so that they are able to prevent any data breach. Trained contractors will be able to detect and prevent
any type of risks that can harm the system and its data.
4. Access control must be well implemented. It is considered to be an effective method of governance of the stored data in the suite of the
contractor. This helps to promote effective management as well as administration of the PII. It forms a major component of the governance plan
for protecting the personal as well as PII of the contractors.
4.4. Personal and PII data for users and DAS staffs
1. The DAS staffs must be trained in an effective manner so that they are able to detect and mitigate any type of security issue that occurs.
Proper training will help to ensure proper security mechanism in the organization. They will know how to optimally use the data. They will also
know about the issues that are related to the cloud storage. This ensures effective risk mitigation strategy.
2. The consistency, as well as integrity of the information, needs to be maintained so that there is no misuse and loss of data. Maintaining
consistency and integrity ensures an effective data governance plan. The financial data needs to be well protected so that it is not lost. This plan
will help in protecting the payroll-related information of the employees.
3. The governance plan must include limited data access by specific users. This will help to protect the PII of the DAS staffs and users.

6
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Bibliography:
Schwartz, P. M., & Solove, D. J. (2014). Reconciling personal information in the United States and European Union. Cal. L. Rev., 102, 877.
Shatnawi, A. (2017). Estimating Accuracy of Personal Identifiable Information in Integrated Data Systems.
Tucker, C. E. (2014). Social networks, personalized advertising, and privacy controls. American Marketing Association.
Wu, D., & Shan, S. (2015). Meta-analysis of network information security and Web data mining techniques. In First International Conference on
Information Sciences, Machinery, Materials and Energy (pp. 1974-1977). Atlantis Press.
Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control
assessment. Information Sciences, 232, 482-500.