closeup photo of eyeglasses

Is It Worth Keeping? Understanding High vs Low-Value PII

One of the most effective mitigation strategies for reducing the risk and damage of potential data breaches is to downsize the amount of customer PII that your business is retaining.

No matter what your industry might be, Personal Identifiable Information (PII) is an element that’s present in almost every business. However, not all of that data is of value to your business. Many organizations are in fact  collecting and retaining enormous amounts of incoming customer data; some of which holds no value for their company and only serves to increase their risks and liabilities, if a data breach were to occur. If you haven’t analyzed the value of your stored PII with a lens of reducing reputational risk, now is the time to start.

Applying Value to Data Collection

As we discussed in our Marketing Blindspots Whitepaper, one of the most effective mitigation strategies for reducing the risk and damage of potential data breaches is to downsize the amount of customer PII that your business is retaining.

But how do you know which data is worth saving for future use, and which information offers no long-term value for your business?

The key is to follow BKJ’s ‘Four Steps of Data Evaluation’ (also outlined in our Marketing Blindspots Whitepaper). Specifically, this involves focusing on Step 2 – Assessing the role each type of data plays in your business strategies.

If you’ve followed Step 1 and analyzed the scope of all the data that your business is collecting, then you should have a clearer picture of exactly which types, and the volume of each type of PII you’re currently retaining.

There’s no general right or wrong answer for the types of PII that could hold value for your business. It really depends on how you’re going to use them. Email addresses, for instance, can be used in future marketing campaigns, while IP addresses are useful for identifying geo-specific sales targets.

However, if you’ve been collecting customer phone numbers, but have no intention to run cold-calling campaigns or set up text push notifications, this could be an example of low-value PII you’re collecting, which only increases the risks and liabilities you’ll face in the event of any future data breach.

Be Your Team’s Hero with Proactive PII Planning & Processes

We've seen a continued escalation in the number of data breaches across virtually every industry since 2020, when the COVID-19 pandemic changed the way the world interacts.

The Identity Theft Resource Center (ITRC) reported an all time high in US data breaches in 2021, and a 41.5% increase in victims impacted in 2022. Cyberattacks are the main source of these data breaches. Most recently, IT Governance reported a 951% annual increase in the number of records compromised by cyberattacks worldwide in March 2023. This is an alarming trend, particularly as the importance of our individual ‘digital identities’ continues to grow with each year.

Digital products and platforms are becoming easier to use all the time. And yet, it’s crucial that security and marketing teams work together to ensure that they’re avoiding unnecessary stockpiling of these types of data.

Taking a proactive approach to PII planning, creating processes to reduce unwanted PII collection, and paring back on stale or low-value PII, are the first steps toward protecting your business from any future data breaches you might face.

In turn, some thoughtful preplanning and collaboration between your team and the experts at BKJ could save your business from facing a costly event down the road – both financially and reputationally.