The Federal Government (FCC, DOL) and State Compliance Offices can issue large fines to Organization’s that transmit Protected PII without proper procedures in place to secure these transmissions. Accounting firms have a fiduciary responsibility to clients and their employees and participants to ensure Protected PII is properly secured.
The Department of Labor defines Protected PII as Personally Identifiable Information which, if disclosed, could result in harm to the individual whose name or identity is linked with this information.
The Department of Labor notes that examples of Protected PII include, but are not limited to:
Non-Sensitive PII is only considered protected if linked with other Protected PII. Examples of Non-Sensitive PII are:
Fund fiduciaries, under the Employee Retirement Income and Security Act of 1974 (ERISA), are obligated to protect PII of plan participants. Each Fund should have effective controls in place including procedures for storing and sending data, keeping computer systems updated and secure, ensuring all personnel with access to PII are trained in properly safeguarding PII and considering privacy and security factors when selecting service providers.