As a business owner, you are responsible for handling the personal information of both your staff and your customers. By law, you are required to safeguard that information and ensure that it is used responsibly. It’s not always easy, however, to determine what constitutes personal information.
It is important to remember that the definition of personal data differs by country and jurisdiction. In general, personal data is any information that can be used to identify a person. This includes information such as the person’s name, email address or phone number, as well as any other data that can be linked to an individual and allow them to be identified: their date of birth, mother’s maiden name, biometric information such as passport or visa information, credit card details, and other sensitive information about employment (e.g. performance ratings and records of disciplinary actions).
Additionally, the information should be reasonably identifiable to others. If it is difficult for anyone to recognize the information, it is not considered personal. This is referred to as the “practicability” test.
The final step in determining whether something is personal is that it has to be about a living, identified person. This is not the case for business information like invoices or orders.
Sensitive personal information can be extremely damaging if it is stolen, lost or divulged without authorization. It is vital to educate employees on the importance of protecting sensitive PII. It is also important to secure the information when it is not in use, for example by logging off computers and systems that are not being used and by destroying paper documents. Regularly check the PII within your system, and limit access to those with a business reason to have it.