Is this PII?

CatB · September 6, 2019, 10:59pm

Is a person's full name and billing address considered "Personally Identifiable Information" (PII) in the sense that I am obligated to protect it?

I am working on an ecommerce site, and would like to retain a customer's full name, billing address and tele # in case I need to contact them and to help identify them as a person.

Not sure if there are any special legal considerations in doing this.

(I would never store peoples payment information like credit card #s )

robert_volk · September 7, 2019, 12:19am

Better safe than sorry, suggest you take steps to protect that data now. Imagine if it were your data, or your family's data, and what would happen if that data were breached?

Think hard about really needing a phone number and address. If you are shipping physical items, then it makes sense. But if you're only selling e-goods and they'll be paying by credit card or another electronic payment method, you probably won't need to store that data. Email address would be sufficient, and you should encrypt that or hash it.

There is GDPR in effect for EU citizens as of May 2018, and the California data protection act to take effect January 2020. Other US states are considering similar legislation.

CatB · September 7, 2019, 12:42am

So you have to hash or encrypt a tele #??

If so, then how would I know what the hashed tele # is?

yosiasz · September 7, 2019, 12:42am

Encrypt the data row, encrypt the backup files, encrypt as data flows through the wire

robert_volk · September 7, 2019, 11:05am

Encrypt it if you need to retrieve the actual value for some reason. Hash a value if you only need to compare or validate an input, for example a password.

If you're only using telephone number to identify someone uniquely, and you'd never actually contact them with it, better to hash it.

For GDPR and other regulations, you may receive requests to remove data and be able to confirm it was removed. You can remove an encrypted value and still keep a hashed value for comparison. That way the hashed value can't be reversed to reveal the actual value.

CatB · September 7, 2019, 6:33pm

I am all for data privacy, but when I think of data privacy I think of things like Social Secuity Number, Date of Birth, Passwords, etc.

Are you telling me that I have to encrypt or hash a customer's tele # and billing address when they give it to me during a purchase?

I would like to keep that info on file to protect me and so I can identify people - for example maybe I want to call a customer to verify that they are who they say they are.

robert_volk · September 9, 2019, 11:49am

You can certainly do that, as long as you keep it secure. The point is not to think only of how you would use the data, but how a cybercriminal would use that data if/when your database is breached. Never assume whatever safeguards you have in place will protect the data from being stolen.

If you haven't read up on GDPR or the California Consumer Privacy Act, you should do so. Both identify pieces of information considered to be personally identifiable and/or sensitive. They also list the criteria covering data collectors and processors and their required level of compliance. Assuming you need to comply (and you should) you not only have to keep the information secure, but also have processes in place to provide it and/or remove it on request.

uberbloke · September 9, 2019, 1:59pm

I'm affected by GDPR so what the others have said, plus....

The basic principle is to store the least amount of private data you can, and for as short a time as possible, in as secure a way as possible...And be prepared to justify your decisions.

Should you be investigated/audited you will need to be able justify decisions that have been made...

E.g. as an ecommerce site...
Is it OK to store the delivery addresss of an order?
Yes (may be required for dispute resolution etc as well as label printing)

Is it OK to continue to store the delivery address of orders over 7 years old.
Err... Be prepared to justify this.

Is it OK to store the address of a person?
Possibly Do they place repeat orders? Have they given permission?

Is it OK to store the addresses you know are incorrect / old?
Is it OK to store the address of a person who has not placed an order for 7 years?
Err... Be prepared to justify this

There are lots of other things to consider as well...

For example, you receive a "forget me" request... and comply
But are you also supposed to have removed that data from your backups, your transaction logs?
Have you contacted the dispatch company used to ensure they do the same ... you HAVE audited the dispatch company to ensure that their GDPR procedures are in place and compliant, because if you are sending them personal data you should have done... and on and on and on...!

The biggest problem is that this is all new and GDPR has yet to be tested properly via a court case, expect the requirements to become much clearer once it has been tested in court and a prison sentence for breaching has been handed out.

The UK data commissioner has a good guide

CatB · September 9, 2019, 9:46pm

Thanks for the thoughts @robert_volk and @uberbloke.

Yes, I will read up on GDPR and the California Privacy Act in good time, but any help/direction you can provide here would really be appreciated.

I am trying to get a business started and it has been dragging out for nearly a decade. I am in the homestretch and have to balance researching the future with getting a live site this lifetime?!

Okay.

My website is part online newspaper, part online forum and part ecommerce site.

From a design standpoint, one key them is I want to eliminate Internet anonymity and hold people on my website accountable, so ironically, I am actively working to reduce privacy to some degree. At the same time I respect people's right to privacy and security.

In order to post comments or content on my website, people need to be paid members.

And as part of that, I want to take enough steps so that paid members realize they are accountable for their actions (including my strict TOS) and know that they are being watched.

Ideally, when someone buys a subscription/membership, I would like to keep their billing address and tele # on file so that I can communicate with them in case of fraud concerns. Also, I would like to use this info to do "phone verification" and "mail verification" if required. (e.g. I mail you a letter or call you and require you to respond to prove you are you.)

Probably sounds pretty radical, but I will not tolerate spammers or trolls or punks or criminals on my website!

So can you give me a general idea of how I might be able to do those things and not have to spend $1 million like some major bank?

I would like to think there is a path to hep me accomplish what I want and yet protect my customers' data?!

Hmmm...

What is a dispatch company?

Let's hope it is attainable for small companies?!

Thanks!