Having read Andy Rainforth’s recent piece on ‘People Data’ I thought it might be useful to provide a little background as to what this actually is and why it’s important.

Personally Identifiable Information, or PII, is a term that was first coined in North America. Others refer to PII as ‘Personal Data’, ‘Personal Information’ or ‘Sensitive Personal Information’ (SPI).

At its most basic level, PII refers to any information that can be used to identify a specific individual or, moreover, to distinguish one individual from another. Of course this information is broad and varied, ranging from that which is deemed to be in the public domain, such as public records, phone books and (depending on your privacy settings) social media, right through to the most sensitive information, such as medical records, financial information and biometric data.

In this regard, the description of SPI perhaps starts to be more useful than the broader PII, as attempting to protect ALL PII would be akin to locking the stable door after the horse has bolted. At Grosvenor Technology, and for the purpose of the Human Capital Management (HCM) market we serve, we refer to ‘People Data’. By this we mean data that people would expose in the course of their employment (such as presenting a fingerprint to a time clock), but that they would not want to lose control of.

People Data by our definition includes all biometric data (retina or iris scans, voice signatures, fingerprints or facial geometry) and other SPI, including PIN numbers and proximity / bar-code / mag-stripe cards.

We believe People Data should be encrypted and protected, whether that data is at rest or in transit. From the moment it leaves the person it identifies and is captured on a device, it should be safe. It should be secure. We include this ‘safe and secure’ methodology in our GT Connected Services offering, where all our edge devices are monitored in real time, in a highly secure environment.

In the same way that no two individuals share an identity, no two HCM manufacturers have the same approach. The good news is that there are some very simple steps you can take to avoid potentially costly and damaging data breaches. If you have an existing HCM or Time & Attendance solution, ask your current provider to issue documentation that ensures the liability for protecting all People Data sits with them.

To check the regulations and legislation that apply in your specific region, contact us today for your free guide to complying with PII requirements.

 

Colin Leatherbarrow
Technical Director