your passport to all things web
New Definition of PII
Although this is not yet in Pennsylvania, we can assume that it is coming. This “could” affect your department and changes should be made now to comply to avoid issues in the future.
States enact laws mandating that either a username or email address constitutes Personal Information when combined with a password or security question and answer that would permit access to an online account.
More information concerning state defined Personal Information
And, to make things even worse, the states are publicly posting the companies that experience a breach. At the very least that makes the breached company even a bigger target not to mention the negative publicity of permanently having your name on such a list.
States posting companies who have had data breaches
If you have any questions about the potential impact of the above or if you need help adjusting current policies to comply with these new standards, please ask your IT/Security expert.
PS – We are still getting the bugs worked out of this new delivery system, so please extend us the courtesy of your patience. We believe that delivering brief security warnings on a more regular basis will help keep our data safer and improve our collective intelligence concerning Internet security.