Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Interested in how other companies manage PII data risk?

Steve Dollard

We are an iSeries DB2, 9.2 apps and 9,2,2,4 tools shop. I am curious to find out how others are managing their risks with PII data? Our internal standards are:

• PII Data is encrypted at rest and in-transit.
• PII Data is not used for any purpose than the original purpose.
• Access to PII data is restricted to "Need to Use".
• PII Data is promptly purged after the original purpose has been met.
• PII Data is not copied or replicated (other than for HA and DR), which means EXCLUDED from moving into BI.
• PII Data is not copied to non-production environments.

The encryption and DON'T COPY requirements seem to be the biggest concern.

I would like to hear how others are accomplishing this.

Thanks,
Steve

3 Posts
399 Views

Steve Dollard

@Jim Demes Thanks for the feedback.

Jim Demes

@Steve Dollard A few things we do off the top of my head:

Role based security
Application security on running P0030A Bank Accounts by Address (and only one role can add/change/delete)
Column security to restrict viewing bank account/bank transit fields on F0030
Column security to restrict viewing Tax ID in F0101/W03013B/W04012A
Do not copy F0030 records to data warehouse
Do not copy Tax ID for individuals to data warehouse
After copying data to non-production environments, we run a set of SQL updates to remove individuals' bank accounts and tax IDs