What exactly is “private or confidential information”? That can be a difficult question. People often use the term “confidential information” when referring to personally identifiable information (PII). But not all PII necessarily has to be kept confidential. So what are we talking about specifically?
In the United States, the term applies to documentation or communications between persons, whether by email or by voice, to file transfers, and of course to what is written in email messages.
Types of personally identifiable information
- Social Security Number (SSN)
- Driver’s license number or state-issued identification card number
- Passwords and phrases to any account, computer, or system
- Security codes, access codes, or passwords that could permit access to an individual’s accounts
- Medical information, including any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional.
- Health insurance information, including an individual’s health insurance policy number or subscriber identification number
- Any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history
- Place of birth
- Date of birth
- Mother’s maiden name
- Answers to security questions stored within accounts
- Biometric information
- Personal financial information, including credit scores and history
- Credit card or purchase card account numbers
- Passport numbers
- Potentially sensitive employment information, e.g. personnel ratings, disciplinary actions, and results of background investigations
- Criminal history
- Any information that may stigmatize or adversely affect an individual
That list contains some examples of what is PII and is not all-inclusive, of course. However, it does provide a good overview.
Protecting Personally Identifiable Information
Email has become the most common way for people to communicate and share information, especially when it comes to conducting business. A report by McKinsey Global Institute and International Data Corp found that we spend approximately 28% of our time, daily, perusing our inboxes. This is the second most time-consuming part of our workday. Many of those messages include PII that criminals may use to commit identity theft and/or other crimes.
Most states in the United States now have separate laws that require organizations to protect PII. Generally, these laws prohibit the inclusion of confidential information or PII in email messages. However, there is also a perception that if the email is sent directly from one individual to another individual, then the information has been kept private.
Unfortunately, that is not true.
While some organizations provide internal security to ensure emails are secured and/or encrypted when sent to other internal employees, that isn’t always the case.
DCCU has two secure ways to send confidential information between us and members:
- Once you’re logged into eBanking click on the envelope icon at the top right. Click Compose Email to send a sensitive message.
- Or, at www.dccu.us (which IS a secure https site) choose the Secure Email option to send us a message containing PII.
Email should never be considered private or confidential unless it’s encrypted.
When sending an email, take a moment to review the contents of the message to confirm that it includes no PII. In addition, if something is attached to the message, the data in that attachment must also be carefully reviewed. Excel spreadsheets, Word documents, and PDF documents are the most common types of attachments that inadvertently contain PII.
Use secure websites
There may be times when you need to send confidential or PII data via a website. If you are transferring via a website, make sure the site is using encryption for the file transfer. To confirm, look for “https://” in the URL of the website. If you only see “http://”, it indicates that the page is not using encryption and you should not send the file.
There are other indicators that a site is secure. Sometimes there is a lock icon in the address bar or at the bottom of the window. The text at the beginning of the URL may also turn green to indicate security. Just make certain that the site is secure before entering text into it or attaching documents.
Check the URL
Also, be sure to confirm that you are connected to the correct web address. Criminals often purchase domain names that are just one character off legitimate ones or look very similar to the most popular or well-known sites in hopes that you may mistype the URL and end up at their websites instead. If you don’t notice right away, you could end up giving up valuable data to a bad actor.
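Both checks, “https://” and the exact web address, can be expressed as a small pre-submit test. This is an added example, not part of the original article: it compares the host in a URL against a list of sites you actually use and flags hosts that are exactly one character away from a trusted one. The function names, the result labels and the `mybank.example` host are constructed; `www.dccu.us` is the site named above.

```python
from urllib.parse import urlsplit

# Hosts you really intend to visit; www.dccu.us is the site named on this page.
TRUSTED_HOSTS = {"www.dccu.us"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Classify a full URL as ok, not-encrypted, lookalike or unknown."""
    parts = urlsplit(url)
    # Compare the parsed host name, never a substring of the whole URL.
    host = (parts.hostname or "").lower().rstrip(".")
    if host in trusted:
        return "ok" if parts.scheme == "https" else "not-encrypted"
    if any(edit_distance(host, good) == 1 for good in trusted):
        return "lookalike"      # one character off a site you trust
    return "unknown"


# Constructed inputs; mybank.example uses a reserved, non-routable name.
SAMPLES = [
    ("https://www.dccu.us/", TRUSTED_HOSTS),
    ("http://www.dccu.us/", TRUSTED_HOSTS),
    ("https://mybamk.example/login", {"mybank.example"}),
    ("https://weather.example/", {"mybank.example"}),
]

if __name__ == "__main__":
    for url, trusted in SAMPLES:
        print(f"{check_url(url, trusted):14} {url}")
```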
Always keep in mind, if you need to send personally identifiable information, make sure you have the correct URL, the site is secure, or the email is encrypted. These steps are so important to protect your identity and your money.