Heather: The importance of protecting PII
Hello, my name is Heather and I'm the Vice President of Security Engineering at Google.
PII is everywhere.
It's a fundamental part of how we are all working online all the time.
If you are using online resources, you are probably putting your PII out there somewhere.
There's some of your PII that lots of people know, such as your name.
And then there's sensitive data that you don't want very many people to know, such as your bank account number or your private medical health information.
And so we make these distinctions often because this kind of information needs to be handled differently.
Everything that we do now, from school to voting, to registering our car happens online.
And because of that, it's so important that we have safety built-in by default into all of our systems. Here's some tips.
You should always encrypt the data as much as you can when it's being stored at rest.
And secondly, when it's transiting over the Internet, we always want to encrypt it using TLS or SSL.
Third, within your company, you should think very clearly about who has access to that data.
It should be almost no one if it's very sensitive.
And in the rare cases where somebody does need to access that data, there should be a record of that access, who accessed it, and a justification as to why.
And you should have a program to look at the audit records for that data.
The most important thing to remember is if you have a situation where PII has been compromised, remember that's someone's personal information and your response wants to be grounded in that reality.
They need to be able to trust the infrastructure, the systems, the websites, the devices.
They need to be able to trust the experience they're having.
For me, that's the mission: To help keep billions of people safe online every day.