Full name
Address
Identity number
Credit card numbers
Telephone
....
First or last name
Country, state, post code
Age
Gender
Medical records
Criminal records
....
of non-protection
SONY PSN services 102 million records
Heartland Payment Systems 130 million records
$171 million to clean up
130 million credit and debit cards
Dropbox 68 million emails and passwords
File leak from employee account
Deep Root Analytics leaked 200 million records
63% of the population of America
2017 Cost of Data Breach Study
$141: the cost of each record
Employee needs PII data to do their job
Regulatory mandates
Rules and policy for data transfer
Data vulnerabilities
Data on mobile, portable devices
Transfer data to 3rd parties?
Data aggregation and backup
User agreement
Find
Arrange
Create
Educate
1. Consider whether it is actually necessary; collect and hold only what is necessary
2. How PII will be handled by embedding privacy
3. Collect new risks and innovate business usual
4. Take appropriate steps to protect PII that you hold
5. Destroy or de-identify the PII when no longer needed
STORE
PROCESS
TRANSMIT
PII is a big part of Build Security in DNA in Thoughtworks.
Building that is long-term work: it requires everyone to be aware of its significance, along with policy, law and long-term cooperation.
Protecting PII is protecting the company itself.
Inspection
Architecture
Development
QA & Release
Sales would like to verify that the email is sent to the consumer with the correct content in the system.
We should detect the PII and define a policy; PII should be invisible in this case.
Yeah, the tax account, specific URL, user name, numbers, financial information.
And we also want an audit function to trace who checks the content.
A lot changes; for example, we'd replace the sensitive data with asterisks, and all records should be checked and replaced before they go to the data store.
Sometimes sales send the wrong email to a consumer, which exposes another consumer's personal information, and according to our PII policy we should avoid this.
Developers log users' actions in our log center; usernames, emails and other PII can be found in a 3rd-party service with a simple search.
We have a lot of systems that expose PII to employees; a trace function will help us find the source of a data leak. For example, record who views this data.
Double Review System
Log assertion for instead
Cleanup
Add stamp for resource
Record action
How do we deal with the agreement? We should notify the consumer when it changes on different devices, and refuse to serve without confirmation.
Update agreement push strategy
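The masking step described above (replace sensitive data with asterisks before a record reaches the log center or data store), as an added example that is not code from the original slides. The names `mask_pii` and `PIIMaskFilter` and the two patterns (email addresses, Luhn-valid card numbers) are assumptions chosen for illustration; a real policy would cover more PII types.

```python
import logging
import re

# Assumed patterns for two PII types named on the slides: email and card numbers.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: keeps order ids and timestamps from being masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pii(text: str) -> str:
    """Replace emails and Luhn-valid card numbers with asterisks of equal length."""
    def mask_card(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        return "*" * len(m.group()) if luhn_ok(digits) else m.group()

    text = CARD_RE.sub(mask_card, text)
    return EMAIL_RE.sub(lambda m: "*" * len(m.group()), text)


class PIIMaskFilter(logging.Filter):
    """Attach to a handler so every record is masked before it leaves the process."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Format first, then mask, so PII passed as %-args is covered too.
        record.msg = mask_pii(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(PIIMaskFilter())
    log = logging.getLogger("app")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    # Constructed sample events; the card number is the common 4111... test value.
    log.info("invoice mailed to %s", "alice@example.com")
    log.info("payment with card 4111 1111 1111 1111 for order 1234567890123456")
```

Putting the filter on the handler that ships to the external log service masks records from every logger that feeds it, rather than relying on each developer to remember.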