Some things deserve a proper delivery. Birthday greetings, bad news, any message over 1,500 characters and most importantly – PII. That’s “Personally Identifiable Information.”
PII can be any of the things that come immediately to mind such as social security or government id numbers, bank account and credit card numbers or fingerprints. But, PII can also be an individual’s name, address, race and education information.
While sharing a name and home town on a social media site doesn’t itself pose a risk, when pieced together with other available details, like the ones necessary to process visa applications or to lease apartments the combination can pose a real threat.
A Visa Applicant sends a scanned passport copy to the processing team. Each processing team member has a personal computer and a mobile device. That one email quickly creates 6 additional copies of the passport, or six different vulnerabilities to a security breach. If the original recipients share or copy the email to two or three others, by the example below, at least 10 additional copies are created. One email containing a passport shared with 10 people each having 2 devices = 20 copies of the passport. Add in the 4 copies that reside in the Sent folders and now there are 24 copies in the online world.
Why is this concerning?
If the email has not been encrypted or the file password protected, it can be accessed by anyone who recieves it. Here are a few common scenarios:
- Recipient 3’s mobile device is lost or stolen. The passport information will be accessible to whomever finds it.
- Recipient 10’s email provider has a security breach, and the laptop has been infected by a virus, malware or spammer. Common activities for these intrusions include stealing data, duplicating emails and sending out multiple replicas or holding data ransom – all of which could further expose the sensitive PII contained in the passport.
- The individual whose passport it is, decides per her/his rights under GDPR to request their passport be deleted from the recipient’s system. This would be impossible in the scenario above.
Protecting the information of our clients and assignees is a top priority involving strict policies, technology investments and ongoing team training to name a few.
One of our important tools in delivering on our professional and legal commitments is Immigrate, the system we use for our Visa and Immigration services. The Immigrate portal permits an easy way to provide essential visa application and renewal information while keeping it secure. By uploading a passport to Immigrate instead of sending an email as in the example above, no additional copies are created and access to the passport are limited to those with permission to view it. We can see who accessed it because all activity is tracked and should anyone permeate the protections, the data encryption makes it impossible for the information to be acquired.
Relo Network Asia’s incorporation of Immigrate is just one more example of our committed in both practice and policy the ensuring assignee safety in every step of the relocation process.