Sharing PPI? Be Careful

Practice Management

One of the many consequences of the global pandemic is that there is a spotlight shining on the importance of virtual security. And that includes sharing personal protected information (PPI), argues a CPA firm. 

In the pre-COVID world, says Cassell Plan Audits in its blog, many companies had maintained records relevant to plan audits on paper and had steps in place to protect their security. But enter a time in which it was far more likely that audits would entail virtual and not in-person examination, and suddenly security protocols that covered paper records were insufficient.

That has implications for more than the participants whose data is involved. Not only is virtual data security relevant to international trade, it also is part of fiduciary duty, Cassell notes. But it was not unusual for companies to forget that responsibility in 2020, Cassell reports in “Sharing personal protected info online? Here’s what NOT to do.” In fact, they say that one of the errors they found most often in 2020 was poor data security in the course of virtual activity. 

They offer some tips for better protecting the security of PPI when transmitting data electronically. 

  • Don’t send PPI via email. Its convenience is a siren song, they suggest, since even if a company closely controls its email, that control does not extend beyond the company system and that data could be at risk at the hands of outside parties. 
  • Be sure to use secure portals. Cassell suggests implementing a system that requires a recipient to log in and create an account in order to view data. 
  • Insist on data security protection from third-party partners. It is reasonable, they argue, to ask partners to use a secure portal if they don’t already. And they suggest obtaining confirmation that those handling data understand the security steps that are in place. 
  • Remember that PPI entails more than one may think. Understanding the term “personal protected information” is key to improving online security, Cassell argues. Not only that, they say, sensitive information also includes addresses and phone numbers—it’s more than just Social Security numbers and compensation data.

“A good rule of thumb,” says Cassell, is to regard any information that can identify an employee as PPI—and treat it accordingly.