ABSTRACT

This chapter reviews the security issues surrounding Personally Identifiable Information (PII). Organizations may experience harm as a result of a loss of confidentiality of PII maintained by the organization, including but not limited to administrative burden, financial losses, loss of public reputation and public confidence, and legal liability. A breach of the confidentiality of PII at the low-impact level would not cause harm greater than inconvenience, such as changing a telephone number. An organization that is subject to any obligations to protect PII should consider such obligations when determining the PII confidentiality impact level. Doxxing refers to gathering an individual’s PII and disclosing or posting it publicly, usually for malicious purposes such as public humiliation, stalking, identity theft, or targeting an individual for harassment. Doxxers may use hacking, social engineering, or other malicious cyber activities to access personal information.