The Ethical and Legal Implications of Information Systems

Personally Identifiable Information

Information about a person that can be used to uniquely establish that person's identity is called personally identifiable information, or PII. This is a broad category that includes information such as:

  • Name;
  • Social Security Number;
  • Date of birth;
  • Place of birth;
  • Mother's maiden name;
  • Biometric records (fingerprint, face, etc.);
  • Medical records;
  • Educational records;
  • Financial information; and
  • Employment information.

Organizations that collect PII are responsible for protecting it. The Department of Commerce recommends that "organizations minimize the use, collection, and retention of PII to what is strictly necessary to accomplish their business purpose and mission". It goes on to state that "the likelihood of harm caused by a breach involving PII is greatly reduced if an organization minimizes the amount of PII it uses, collects, and stores". Organizations that do not protect PII can face penalties, lawsuits, and loss of business. In the US, most states now have laws in place requiring organizations that have had security breaches related to PII to notify potential victims, as does the European Union.

Just because companies are required to protect your information does not mean they are restricted from sharing it. In the US, companies can share your information without your explicit consent, though not all do so. Companies that collect PII are urged by the FTC to create a privacy policy and post it on their website. The State of California requires a privacy policy for any website that does business with a resident of the state (see http://www.privacy.ca.gov/lawenforcement/laws.htm).

While the privacy laws in the US seek to balance consumer protection with promoting commerce, privacy in the European Union is considered a fundamental right that outweighs the interests of commerce. This has led to much stricter privacy protection in the EU, but also makes commerce more difficult between the US and the EU.