Personally Identifiable Information (PII) is any information that can be used to single out and identify an individual or trace their identity.

Examples of PII are:

  • Social Security Numbers
  • Driver License Info
  • Passport Info
  • Medical Records
  • Financial Records
  • Bank account numbers
  • Addresses
  • Contact Info
  • Family Contact Info

Many small businesses process large amounts of PII in their daily operations. This framework's write-ups on Data Classification and Data Handling provide guidance for proper handling and storage of PII. This page is dedicated to masking PII in regular communications.

There may be scenarios where you need to share documents either internally or externally, but those documents contain bits of PII within them. Disclosing this PII could result in severe legal consequences for your organization. To avoid this, make sure to redact the PII.

There are many solutions for sensitive information redaction. I use an open-source tool called Cover Up. This tool makes the process about as easy as it can be. When using Cover Up, ensure that you save the redacted document as a new file. Cover Up will always save your work in PDF format. If you leave the same copy of a document intact with the information redacted, there is a chance that an attacker could load the file into the save program and use features of that program to remove the black boxes.

Example of PII redaction with Cover Up

There may be times when you want to transmit a piece of data that contains no PII, but is still sensitive to your business operations. You may feel uncomfortable sending this data out over an unsecured network like the Internet. In that case, you can use steganography tools. Steganography enables you to embed sensitive files within a cover file, usually an image. You set a password to retrieve the hidden file and share it ahead of time with the recipient. When the recipient receives the cover file, they are able to enter the password and extract the true sensitive file stored inside the cover. However, to any attacker looking in on the data transmission, they will only see the cover file.

OpenStego is an open-source steganography tool that can be downloaded here. It is very straightforward to configure and use for any purpose that you feel requires steganography.