Understanding PII Governance: Risks, Threats And Preventive Measures

Importance of PII Governance

Personally identifiable information or PII is susceptible to several threats and risks. The cybercriminals and hackers mainly target the sensitive information that is present in the cloud storage of the organization. They can misuse the data. The data might also be lost because of their wrong activities. PII can be lost also because of lost hard drives, equipment as good documents along with cyber attacks. If PII is stolen or lost then it can cause financial loss and also harm the reputation of the organization. A data breach can harm the organization in several ways. Therefore, it can be said that it is essential to develop strong governance policies in the organization for protecting the personally identifiable information of the users. The governance of PII is a complex process and must be well planned and implemented. PII governance forms an essential and integral part of managing PII as well as digital identities. This also helps in social progress as well as economic development. PII foundation forms the basis for a secure organization as well as a cloud platform. The digital identity of the organization can be made effective by implementing strong governance policy for protecting the PII. Initially, the PII dealt with the telephone numbers of the people. With the growth of technology, people are able to access and process data at a faster speed. This has also led to the increase in loss of data and therefore the personally identifiable information is subjected to various risks and threats. The data loss can be divided into two categories called intentional and unintentional data loss. Accidental loss of data is not much harmful because there are no malicious intentions behind such loss. The data loss can be caused due to the carelessness of the employees and some kind of errors that are made by the employees. These employees do not have any wrong intention to harm the organization. Lack of strong security policies can also cause accidental loss of data. The other type of threat is the deliberate threat that can harm the organization in a severe manner. The exposure of this risk is high because there are malicious intentions behind such attacks. These attacks can be either external or internal. PII can contain sensitive information like name, address, phone numbers and financial details of the user. It can also contain health-related information and payroll information of the employees of the organization. Preventive measures must be taken in order to protect these valuable data from any types of attacks. There can be malware attacks like virus attacks, worms, phishing attacks and Trojan horse attacks as well. Spyware can enter the system and quietly steal data from the system. Data must be protected in a proper manner in order to protect the reputation of the company as well as the sensitive data of the users. Therefore, a proper strategy must be implemented for the governance of PII and for protecting the digital identity of users of My License portal. The governance plan is discussed below.

1. The users need to have proper knowledge regarding storage of the data. They must be aware of all the various types of security threats and risks that can harm the sensitive information. Proper knowledge about the importance of security measures forms the basic step for forming the governance plan of PII. Proper track of the data record of the users is important. Proper access control strategies must be developed that will allow specific users to access specific information. Access control can be considered to be a key feature for protecting the PII. Every user will not be able to access all the available users. This access control mechanism will allow protecting the information from any unauthorized access of data. Unauthorized access can harm the integrity as well as confidentiality of the information. Implementing strong access control policies will help to protect PII of the users in an effective manner.
2. Another effective governance plan will be to create effective policies for secure storage, access, retrieval as well as transmission of data. Keeping proper track of the data helps to handle data in an efficient as well as effective manner. This will help to develop an important strategy for protecting PII. Proper track record of the data that is received or transmitted must be maintained so that it is easy to identify any type of discrepancy in the transmission of data. Therefore, it can be said that proper handling as well as maintaining proper track record of information is important for developing an effective governance plan.  
3. The users must be trained so that they are able to handle the documents of digital identity in an effective manner. Imparting proper education to the users will help to develop a strong strategy for the governance of PII. The users must be aware of the various privacy issues and it will be help in protecting the PII from any type data breach and data loss. Imparting proper training to the users and employees will promote effective handling of data ensuring high level security of PII.  

1. The PII of DAS users is vulnerable to several threats and attacks. The risk exposure is high for all the data and documents that are stored in the cloud. An effective preventive measure is to apply encryption algorithms for encrypting the sensitive information. Encryption algorithm translates the plain texts into ciphertexts to protect it from any unauthorized access. Encryption can be considered to be a strategy for the governance of PII of DAS users.
2. Poor configuration or misconfiguration of system can lead to major loss of information. The systems and applications must be updated on a regular basis to avoid such issues. The data governance plan should focus on monitoring the system versions and updates.
3. Designing effective and advanced security infrastructure for the DAS can be considered to be a risk mitigation strategy of the organization. The governance of PII must include the development of strong security infrastructure for the purpose of preventing any attack.  Well, designed security architectures will help the organization to fight against any attacks. Organizations will be able to prevent virus attacks, phishing attacks and other malware attacks.  

The governance plan or strategy for contractors is discussed below.

1. The contractors should have a license and they must also meet the needs and requirements of the DAS. One main strategy of mitigating risk is to hire licensed contractors. The governance plan must include this strategy because the licensed contractors have proper knowledge regarding privacy issues and risks and they will know how to protect the data that is stored in the cloud storage space.
2. The management suite of the contractor must include an option for automatically updating the firewalls of the system. The operating system needs to be updated and original. Automatic update, as well as essential security policies, will help to enable an effective governance plan of PII. An advanced version of operating systems will help to protect the data from any external as well as internal attacks. Older versions of applications and operating systems are vulnerable to various attacks.  The contractor management suite must include this auto-update feature in order to promote an effective governance plan.
3. Trained contractors must be selected so that they are able to prevent any data breach. Trained contractors will be able to detect and prevent any type of risks that can harm the system and its data.
4. Access control must be well implemented. It is considered to be an effective method of governance of the stored data in the suite of the contractor. This helps to promote effective management as well as administration of the PII. It forms a major component of the governance plan for protecting the personal as well as PII of the contractors.

1. The DAS staffs must be trained in an effective manner so that they are able to detect and mitigate any type of security issue that occurs. Proper training will help to ensure proper security mechanism in the organization. They will know how to optimally use the data. They will also know about the issues that are related to the cloud storage. This ensures effective risk mitigation strategy.
2. The consistency, as well as integrity of the information, needs to be maintained so that there is no misuse and loss of data.  Maintaining consistency and integrity ensures an effective data governance plan. The financial data needs to be well protected so that it is not lost. This plan will help in protecting the payroll-related information of the employees.
3.  The governance plan must include limited data access by specific users. This will help to protect the PII of the DAS staffs and users.

Schwartz, P. M., & Solove, D. J. (2014). Reconciling personal information in the United States and European Union. Cal. L. Rev., 102, 877.

Shatnawi, A. (2017). Estimating Accuracy of Personal Identifiable Information in Integrated Data Systems.

Tucker, C. E. (2014). Social networks, personalized advertising, and privacy controls. American Marketing Association.

Wu, D., & Shan, S. (2015). Meta-analysis of network information security and Web data mining techniques. In First International Conference on Information Sciences, Machinery, Materials and Energy (pp. 1974-1977). Atlantis Press.

Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482-500.