Risks of Sending PII

State employees exchange information of various types with external, non-State entities via email every day. We need to be confident that you are performing this service safely and protecting the information being exchanged.

Personally identifiable information (PII) is information which can be used to steal an individual's identity. This information includes their name, social security number, date of birth, etc. Sensitive PII is defined as “PII which, when disclosed, could result in harm to the individual whose name or identity is linked to the information”. Sending messages including this PII data to non-State entities should only be performed using encryption email services, or not sent at all.

BIT has recently announced a no-cost service to State agencies that will encrypt messages containing PII. This email service is called Voltage. Recently, BIT began reporting e-mails being sent containing un-encrypted Social Security Numbers to addresses external to the State e-mail system. The number of these emails were much greater than anticipated. Based on these findings, we are offering assistance in promoting the use of the Voltage email encryption application. Sending un-encrypted PII may seem harmless, however state users transmitting unencrypted PII is risky to the individual and to the State:
  • Risk to the individual, citizen:
    • Information could be used to impersonate the citizen
    • Information could be sold on black market
    • Information could be used in accessing other systems / accounts
    • Medical data should be treated as private and remain secured 
    • Bank or financial information could be used to get at personal accounts / credit
  • Risk to the State
    • In the event any citizen data is compromised, the State’s reputation can suffer (press, perception of incompetence)
    • The compromise could be very costly to the State (lawsuits, mitigation, fines)
    • Betraying the citizen’s trust in the State of South Dakota
If you would like more information on the Voltage email encryption service, please contact the BIT Help Desk or your BIT Point of Contact.
 

Popular Posts