Personally Identifiable Information (PII) is any information that can identify an individual and possibly lead to identity theft or fraud. All businesses have PII, it comes from customers, employees, and vendors and is usually found in every department. It can be as obvious as a social security number or just an email address or phone number.

Protect Your Organization, Your Employees and Your Customers

Many laws cover the retention and/or destruction of PII, breach and consumer notification protocol. Your responsibility for data protection encompasses all paper records and electronic files containing PII.

Mandatory PII Security Program for Florida:

FLORIDA: 501-171(2). REQUIREMENTS FOR DATA SECURITY: Each covered entity and their third-party agent must take reasonable measures to protect and secure data in electronic form containing personal information.

Related Statutes and Laws:

Florida:

  • FL STAT § 282.318 INFORMATION TECHNOLOGY SECURITY ACT
  • FL STAT § 322.143 USE OF A DRIVER LICENSE OR IDENTIFICATION CARD
  • FL STAT § 408.051 FLORIDA ELECTRONIC HEALTH RECORDS EXCHANGE ACT
  • FL STAT § 501.171 SECURITY OF CONFIDENTIAL PERSONAL INFORMATION

South Carolina:

  • S.C. CODE § 39-1-90 BREACH OF SECURITY OF BUSINESS DATA; NOTIFICATION; DEFINITIONS; PENALTIES; EXCEPTION AS TO CERTAIN BANKS AND FINANCIAL INSTITUTIONS; NOTICE TO CONSUMER PROTECTION DIVISION
  • S.C. CODE § 37-20-180 RESTRICTIONS ON PUBLICATION AND USE OF SOCIAL SECURITY NUMBERS; EXCEPTION
  • S.C. CODE § 37-20-190 REQUIREMENTS FOR DISPOSITION OF BUSINESS RECORDS; EXCEPTIONS
  • S.C. CODE §§ 38-99-10 – 38-99-100 SOUTH CAROLINA INSURANCE DATA SECURITY ACT
  • S.C. CODE § 59‑1‑490 SOUTH CAROLINA DEPARTMENT OF EDUCATION DATA USE AND GOVERNANCE POLICY
  • S.C. CODE §§ 44‑115‑10 – 44‑115‑140 PHYSICIANS’ PATIENT RECORDS ACT

North Carolina:

  • N.C. GEN. STAT. §§ 75-60 – 75-66 IDENTITY THEFT PROTECTION ACT. REFERENCED CITATIONS WITHIN THE IDENTIFY THEFT PROTECTION ACT:
    • N.C. GEN. STAT § 75-1.1
    • N.C. GEN. STAT. § 14-113.8(6)
    • N.C. GEN. STAT. § 14-113.20(B) DEFINING THE TERM “IDENTIFYING INFORMATION”
  • N.C. GEN. STAT. § 58-2-105 CONFIDENTIALITY OF MEDICAL AND CREDENTIALING RECORDS
  • N.C. GEN. STAT. § 58-39-45 ACCESS TO RECORDED PERSONAL INFORMATION
  • N.C. GEN. STAT. § 58-39-75 DISCLOSURE LIMITATIONS AND CONDITIONS
  • N.C. GEN. STAT. § 132-1.10 SOCIAL SECURITY NUMBERS AND OTHER PERSONAL IDENTIFYING INFORMATION

Georgia:

  • O.C.G.A. §§ 10-1-910 – 10-1-912 NOTIFICATION REQUIRED UPON BREACH OF SECURITY REGARDING PERSONAL INFORMATION 
  • O.C.G.A. § 10-1-393.8 PROTECTION FROM DISCLOSURE OF AN INDIVIDUAL’S SOCIAL SECURITY NUMBER
  • O.C.G.A. §§ 10-15-1 – 10-15-7 DISPOSAL OF BUSINESS RECORDS CONTAINING PERSONAL INFORMATION; HANDLING OF RECEIPTS FOR CREDIT CARD TRANSACTIONS; PROHIBITED ACTIVITIES INVOLVING MAGNETIC STRIP OR STRIPE ON PAYMENT CARD
  • O.C.G.A. §§ 20-2-660 – 20-2-668 STUDENT DATA PRIVACY, ACCESSIBILITY, AND TRANSPARENCY ACT
  • O.C.G.A. §§ 31-33-1 – 31-33-8 HEALTH RECORDS 
  • O.C.G.A. § 33-24-57.1 HEALTH INSURANCE IDENTIFICATION CARD; ISSUE REQUIRED; CONTENTS; UPDATING; SOCIAL SECURITY NUMBERS NOT TO BE DISPLAYED 
  • O.C.G.A. § 46-5-214 ACTION IN EVENT OF TELEPHONE RECORD SECURITY BREACH

The SSBRM Readiness Pro Edition, powered by CSR, will help your business reduce the risk of a data breach, and in the event of an actual or suspected breach, CSR takes the headache and hassle out of the legal requirements to report the loss or breach of PII to an ever-increasing number of authorities, as well as mandated notification to your customers.

How it works

Watch CSR’s Breach Reporting Service Video

Learn why reporting and notification is mandatory, how the service works, and who the experts are behind it.

Important to know: when reporting a breach, a customer calls and leaves a detailed message for CSR. In 2 hours or less a CSR Representative will contact you regarding the incident.