As an owner of a business, you have to deal with the personal details of your employees and customers. You are legally required to safeguard that information and ensure it is used properly. However, it’s difficult to determine what is considered to be personal information.
It is important to keep in mind that the definition of personal data is different depending on the country and jurisdiction. In general, it refers to any information that could identify an individual. This includes information like the person’s name, email address or phone number, but also other data that could link to an individual and identify them, such as their birth date, mother’s maiden name, biometric information including passport and visa details, credit card information, as well as other sensitive employment data (e.g. performance ratings and disciplinary records).
In addition, the information must be reasonably identifiable by others. If it is very difficult for another person to recognize the information, then it is not considered personal. This is known as the “practicability test”.
The final step in deciding whether something is personal is to determine whether it is about the life of a person. This excludes business information, like invoices or orders.
Sensitive personal information can be extremely harmful if stolen, lost or divulged without authorization. It is vital to educate employees on the importance of protecting sensitive PII. You must also take steps to protect the information when not in use, such as logging off unattended computer systems and destroying paper documents. It is important to regularly review the PII in your system and to restrict access to those who have a business reason to do so.