Why is PII Compliance so important for businesses?
State governments have implemented their own sets of compliance regulations for businesses that collect Personally Identifiable Information (PII) from their customers while engaged in commerce. PII can be things like a customer’s name, physical address, email address, social security number and driver’s license number, etc.
The idea behind these compliance regulations is that they help protect residents from things like identity theft and fraud. If the company is compliant, that data should be secure and the resident is safe.
Multiple states have instituted their own PII Compliance standards over the past decade, including the Commonwealth of Massachusetts (201 CMR 17.00) and the State of California (Civ. Code § 1798.82), to name a few.
Businesses located in states without a set PII Compliance standard that do business in a state that has one must comply with that state’s standard or risk penalty.
Penalties vary from state to state, but ultimately it’s very expensive if you’re found to not be in compliance. Let’s use Massachusetts’ 201 CMR 17.00 as an example. Costs for violating PII Compliance in the Commonwealth are:
- $100 per record with a maximum $50,000 cap for each instance of improper data disposal
- $5000 per violation
- Prosecution by the Office of the Attorney General of Massachusetts
Add to that a drop in consumer confidence and you’re looking at a pretty hefty cost if you’re not in compliance.
How Security7 Networks can help your business stay compliant:
To safeguard your business’s PII assets, your organization needs to develop a written corporate IT security policy that defines how IT assets are to be protected, expected employee behaviors, and the consequences of violations.
The experts at Security7 Networks can help you do that. There are seven key steps we take to help ensure you are PII compliant at all times. They are:
The first step in the process is to perform an audit. Using a trusted 3rd party auditing firm, your IT assets and business processes will be examined and any toxic data collection points will be identified.
While the audit is being performed Security7’s experts will use established compliance standards to prepare a response plan. After the audit results are in and the response plan has been created, we’ll analyze the results to discover any potential problems that may already exist and prioritize remediation based on risk.
Our experts will implement controls and solutions developed specifically to keep you compliant. After implementation we’ll give the solution another pass to identify any risks or problems that may have arisen, and we’ll remediate them.
Finally, you’ll be able to generate reports, respond to compliance-related enquiries, and demonstrate that you are up to date with current compliance standards.