In recent years, the hardship of preventing and containing the loss of sensitive data has done nothing but increase for many organizations. Incident rates are on the rise, organizational liability is high, and the risk of identity theft is pervasive. Particularly vulnerable are industries and organizations bound by work processes and procedures that involve the acquisition, processing, retention, transmission and destruction of what information security professionals have dubbed Personally Identifiable Financial Information (PIFI) and Personally Identifiable Health Information (PIHI). More generally, this data is referred to collectively as Personally Identifiable Information (Pll).
Pll is all of the sensitive and nonpublic customer information an organization possesses. Some examples include: Social Security numbers, credit card information, insurance numbers, driver's license numbers and medical information specific to an organization's employees or the consumers to whom it provides service.
As consumer bases and organizational services expand, the amount of data and Pll retained increases. And as an organization processes and/or maintains more Pll data, the more at-risk it becomes for incidents of data leakage. Data leakage refers to situations in which sensitive or otherwise confidential data escapes organizational infrastructures, making that data vulnerable to potential unauthorized disclosure or malicious use. Mitigating the risks of handling such data and leakage can be an expensive undertaking.