
Personally Identifiable Information was detected on the system

Description

Personally Identifiable Information (PII) is, according to NIST Special Publication 800-122, a collective term for any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Recommendation

  • Securely delete PII as soon as there is no longer a business need to retain it on the device.
  • Do not cache sensitive data.
  • Minimize how often the user is asked for credentials.
  • Minimize the use of APIs that access sensitive or personal user data.
  • Consider hashing user data so that the plaintext value is not stored where it is not needed.
  • Some jurisdictions may require you to provide a privacy policy for accessing personal information.
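
The following is an added example, not code from this knowledge-base entry or from the scanner itself. It shows the two sides of the finding: a small check that flags PII-like values (e-mail addresses and US social security numbers) left in plaintext in an on-device cache, and the keyed-hash pseudonymization the recommendation above refers to, which removes the plaintext while still allowing lookups. The cache content, the patterns and the key are constructed for illustration; secure deletion itself depends on the platform's storage APIs and is not shown.

```python
import hashlib
import hmac
import re

# Constructed sample of an application cache file, as a scanner might find it on the device.
SAMPLE_CACHE = """\
session=abc123
user_email=jane.doe@example.com
ssn=123-45-6789
last_login=2024-01-01
"""

# Illustrative PII patterns; a real scanner uses far more (phone numbers, card numbers, ...).
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def find_pii(text):
    """Return (line_number, kind) for every line that holds a PII-like value in plaintext."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PII_PATTERNS.items():
            if pattern.search(line):
                hits.append((number, kind))
    return hits


def pseudonymize(value, key):
    """Keyed hash (HMAC-SHA256) of a normalized value.

    A plain, unkeyed hash of low-entropy PII (e-mail, SSN, phone number) can be reversed by
    hashing every candidate input; the key, which must not live next to the data, prevents that.
    """
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def sanitize_cache(text, key):
    """Replace every PII-like value in the cache text with its keyed pseudonym."""
    out = text
    for pattern in PII_PATTERNS.values():
        out = pattern.sub(lambda match: pseudonymize(match.group(0), key), out)
    return out
```

Running `find_pii` on the sanitized output returns no hits, which is the condition the scanner is checking for.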

Standards

  • OWASP_MASVS_L1:
    • MSTG_ARCH_12
  • OWASP_MASVS_L2:
    • MSTG_ARCH_12
  • GDPR:
    • ART_32
    • ART_25
  • PCI_STANDARDS:
    • REQ_3_2
    • REQ_3_3
    • REQ_3_5
    • REQ_3_6
    • REQ_3_7
    • REQ_4_2
    • REQ_6_2