Protecting Personal Business Information


The term “personal business” refers to the activities or tasks the individual or company manages on their own, like managing finances, completing household chores, or keeping appointments. It could also refer to the creation and management of a business according to one’s capabilities and interests as an individual or sole proprietor.

While data privacy laws differ across countries and states Most have similar definitions of what is considered personal information. The CCPA and Connecticut’s law for example, describe personal data as information that is reasonably linked to an identifiable individual and is not restricted to de-identified data or publicly available information. The CCPA also provides a category for sensitive personal data that requires greater protection than any other form of data.

It is important to know how much information is stored in your business and where it’s stored. This can be accomplished by taking a complete inventory of all documents, files and storage devices. This should include every desktop, file cabinet, mobile devices, laptops and flash drives, disks and digital copiers. Don’t forget to examine the locations where sensitive information might be stored outside your office, such as employees’ homes computer work-from-home devices, their computers at home and other devices.

PII that is sensitive needs to be encrypted during transport and when at rest, and only kept for as long as it is necessary to conduct business. This includes biometrics, medical data covered under the Health Insurance Accountability and Portability Act(HIPAA), unique identifiers like passport or Social Security Numbers and employee personal records.