Sorting diamonds from toothbrushes: New guide to protecting personal information

January 13, 2009,

Thefts of personally identifiable information (PII), such as social security and credit card account numbers, are increasing dramatically. Adding to the difficulty of fighting this problem, organizations often disagree on what PII is, and how to protect it. Now, in a first-of-its-kind publication, the National Institute of Standards and Technology has issued a draft guide on protecting PII from unauthorized use and disclosure.

“You can’t protect PII unless you can identify it,” says NIST’s Erika McCallister, a co-author of the new work. The new NIST publication provides practical guidelines for implementing a basic definition of PII established by the government’s Office and Management and Budget (OMB) in a 2007 memo: “information which can be used to distinguish or trace an individual’s identity”* either all by itself—such as fingerprints, which are unique—or in combination with other information, such as date of birth, which can belong to multiple people but can be narrowed down to an individual in connection with other data.

Echoing former national security advisor McGeorge Bundy, who once stated, “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds,” McCallister and her co-authors observe that, “All PII is not created equal.” A telephone area code holds less specific information about an individual than a social security number, so “you don’t need to protect things the same way,” McCallister says.

The NIST team recommends tailoring safeguards to the level of risk involved in holding personal information. PII should be graded by “PII confidentiality impact level,” the degree of potential harm that could result from the PII if it is inappropriately revealed. For example, an organization might require appropriate training for all individuals who are granted access to PII, with special emphasis on moderate- and high-impact PII, and might restrict access to high-impact PII from mobile devices, such as laptops and cellphones, which are generally at greater risk of compromise than non-portable devices, such as desktop computers at the organization’s headquarters.

The publication also recommends basic actions that organizations should take: identify all the PII they maintain, minimize the amount of PII they collect to what is strictly necessary to accomplish their mission, and develop incident response plans to handle breaches of PII. Such plans would include elements such as determining when and how individuals should be notified, and whether to provide remedial services, such as credit monitoring, to affected individuals.

The publication is intended primarily for U.S. federal government agencies, which must implement certain requirements on handling and protecting PII, but is intended to be useful to other organizations. The publication, known as Special Publication (SP) 800-122, “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII),” is available at the NIST Computer Security Resource Center's draft publication Web page: .

Source: National Institute of Standards and Technology

Explore further: Climate change may be hazardous to your health

Related Stories

Climate change may be hazardous to your health

March 13, 2018

Doctors around the country are already seeing evidence that climate change is affecting the health of their patients. In Florida, people are asking for more medication; as heat waves aggravate their medical conditions, such ...

'Body on a chip' could improve drug evaluation

March 14, 2018

MIT engineers have developed new technology that could be used to evaluate new drugs and detect possible side effects before the drugs are tested in humans. Using a microfluidic platform that connects engineered tissues from ...

The rise of cities in the battle against climate change

March 14, 2018

Cities, home to over half of the global population and responsible for more than 70 percent of global greenhouse gas emissions, are particularly vulnerable to the impacts of climate change. The undeniable imperative to consider ...

The Alps are home to more than 3,000 lichens

March 12, 2018

Historically, the Alps have always played an emblematic role, being one of the largest continuous natural areas in Europe. With its numerous habitats, the mountain system is easily one of the richest biodiversity hotspots ...

Recommended for you


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.