As a business, you are responsible for the personal information of your clients and staff. By law, you’re required to safeguard that information and ensure that it is used correctly. However, it can be difficult to determine what counts as personal information.

It is important to note that the definition of personal data differs by jurisdiction and country. In general, personal information is any information that can be used to identify a person. This includes information like the individual’s name, email address, or phone number, but also any other information that can be linked to an individual and make them identifiable, such as their birth date and mother’s maiden name, biometric information including passport and visa details, credit card information, as well as other sensitive employment data (e.g. performance ratings and disciplinary records).

In addition, the person should be reasonably identifiable from the information by others. If it is difficult for others to identify the person from it, the information is not considered personal. This is called the “practicability test”.

The final step in deciding whether something is personal is to check whether it concerns someone who is alive. This is not the case for business information such as invoices or orders.

If sensitive personal information is lost or stolen, or if it is disclosed in any other manner without authorization, it could be extremely harmful. It is crucial to educate employees on the importance of safeguarding sensitive PII. It is also important to take steps to safeguard the information when not in use, such as logging off unattended computers and destroying paper records. Finally, periodically review the PII stored within your system and restrict access to individuals who have a business need for it.