Personally Identifiable Information is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
Table of Contents
- PII Defined
- PII Data Storage and Security
- Other PII Data Controls
- PII Best Practices for Photo ID Data
PII Defined (by NIST 2021)
- Personally Identifiable Information is information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
- Including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
- Examples of PII include, but are not limited to:
- Names, such as full name, maiden name, mother‘s maiden name, or alias
- Personal identification numbers, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number, or financial account or credit card number
- Address information, such as street address or email address
- Personal characteristics, including photographic image (especially of the face, or other identifying characteristics), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry)
- Examples of PII include, but are not limited to:
Impact Level Definitions
The following describes the three impact levels—low, moderate, and high—defined in FIPS 199, which are based on the potential impact of a security breach involving a particular system:
- The potential impact is LOW if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capability to an extent and duration that the organization can perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals.
- The potential impact is MODERATE if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries.
- The potential impact is HIGH if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.‖ Harm to individuals as described in these impact levels is easier to understand with examples. A breach of the confidentiality of PII at the low impact level would not cause harm greater than inconvenience, such as changing a telephone number. The types of harm that could be caused by a breach involving PII at the moderate impact level include financial loss due to identity theft or denial of benefits, public humiliation, discrimination, and the potential for blackmail. Harm at the high impact level involves serious physical, social, or financial harm, resulting in potential loss of life, loss of livelihood, or inappropriate physical detention.
PII Data Storage and Security
- The primary PII Data Types used by eXpress badging® when configuring a Veonics Portal® identity management system:
- First Name
- Middle Initial (rare)
- Last Name
- Department
- Title
- Badge Type
- Location
- Email Address
- Mailing Address (rare)
- Photo Image
- Contractor/Company Name
- Expiry Date (rare)
- Issue Date
- Employee number
- Badge Number
- Data Demographics
- Badge Types
- Employees
- Students
- Contractors
- Vendors
- Visitors
- Event Attendees
- Foreign Nationals
- Age Groups
- 80% over 16 years old, most over 21
- 20% under 16 years old, overestimated and rare
- Badge Types
Other PII Data Controls
- Data is deleted after issuance unless the Veonics Portal customer prints on-premises and controls the data; they can delete when they want.
- HIPAA Health Insurance Portability and Accountability Act, PHI Protected Healthcare Information, or PCI Consumer Payment Information data, can never be stored within the Veonics Portal.
- eXpress badging is not a source-data repository unless defined in engagement documentation.
- The customer is responsible for maintaining a backup of all provided data.
- eXpress badging will obliterate customer data and photos when printing as a service after 30 days.
- eXpress badging will obliterate customer data after 30-days from the date of license engagement non-renewal
- Access to customer-provided data is limited to those with the right to view and edit.
- Most Veonics Portal record actions are recorded for audit purposes.
- Please don't provide PII elements within files for upload or import to eXpress badging that is not required to print or manage photo ID issuance.
PII Best Practices for Photo ID Data
eXpress badging ensures that all PII provided is stored securely and is only accessible by authorized personnel. PII compliance will vary by customer and project and must be clearly defined, not referencing standard governance codes.
eXpress badging uses industry-standard practices to manage all data and images securely.
eXpress badging recommends only using PII with low confidentiality impact levels for displayed use on a photo ID credential.
eXpress badging may periodically delete cardholder photos and data. It is not the responsibility of eXpress badging to retain this information regarding ongoing re-issuance after an engagement is terminated.