Businesses shoulder something of a “double burden” when protecting sensitive information. They must protect the company’s Unique Business Identifiers (UBI), as well as the Personal Identifying Information (PII) of individuals such as employees, customers, students, and other stakeholders. Protecting UBI preserves the company’s ability to thrive and reduces the likelihood that it will be exploited for financial gain. Protecting PII from the threat of unauthorized use is also vital to the company’s livelihood.

Understanding this multi-faceted responsibility is central to a successful data security plan. Develop a plan that takes into consideration the differences and similarities of both types of data, and train employees to properly handle both UBI and PII. This could be part of a waste, fraud and abuse prevention program. The program should not be stagnant – where employees read the rules and then everyone forgets about them – it must be active, audited and kept up-to-date.

A data security plan is not merely a response plan, but also a pre-emption plan. All businesses should limit the amount of sensitive or confidential data they collect and store to what is actually needed or required by law; old and outdated information should be purged from the system on a regular basis.

Tags: PII, protecting information, UBI

Categories: Data Security Planning.