As a business, you are responsible for the personal data of your customers and employees. You are legally required to safeguard this information and ensure that it is handled safely. However, it's not always easy to determine what constitutes personal information.

It is important to know that the definition of personal information differs by country and legal jurisdiction. In general, personal information refers to any information that can be used to identify a person. This includes information like the person's email address or telephone number. It also includes any other data that can be linked to an individual, thereby making them identifiable: for example, their date of birth, their mother's maiden name, biometric data, information regarding visas and passports, credit card information, and other sensitive data related to employment (e.g. performance ratings and disciplinary records).

Furthermore, the individual must be easily identifiable from the information by other people. If it is difficult for someone else to make that identification, then the information is not considered to be personal. This is called the "practicability" test.

The final step in determining whether something is private is whether it is about an actual person. This excludes business documents such as invoices and orders.

Sensitive personal information can be extremely damaging if it is stolen, lost or divulged without authorization. It is essential to educate employees on the importance of safeguarding sensitive PII. It is also important to take steps to safeguard the information even when it's not in use, such as by logging off unattended computers and burning paper documents. Finally, regularly review the PII stored within your systems and restrict access to individuals who have a business need for it.