Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Non public personal information

    This message was posted by a user wishing to remain anonymous
    Posted 07-08-2020 11:49 AM
    This message was posted by a user wishing to remain anonymous

    If a TPSP only has access to name and address is that still considered NPPI? or Name and email address?


  • 2.  RE: Non public personal information

    This message was posted by a user wishing to remain anonymous
    Posted 07-08-2020 12:46 PM
    This message was posted by a user wishing to remain anonymous

    Hi.

    If you mean "employee" name and work address (and also work email, work phone, work IP Address, work social media), we consider that Internal Use/Business Contact Information (aka business card information or BCI), not PII.  If "customer" name, address, and/or email, we consider that General PII.

    Hope this helps.


  • 3.  RE: Non public personal information

    Posted 07-08-2020 01:26 PM

    Recommend checking the jurisdiction of the information. PII is tricky. One size does not fit all.

     






  • 4.  RE: Non public personal information

    This message was posted by a user wishing to remain anonymous
    Posted 07-08-2020 01:26 PM
    This message was posted by a user wishing to remain anonymous

    We interpret NPPI is anything you could not find with a Google/public information search.  Name, address, and phone number are in every phone book so not NPPI.  Email address is gray area because there is no directory of email addresses but they frequently become public by nature.  We consider the context of use when deciding.  For example, if a vendor gets a list of email address for marketing/solicitation purposes, which some people might not want, we consider it NPPI.