What is PII?
Personally Identifiable Information (PII), or personal data, is data that corresponds to a single person. PII might be a phone number, national ID number, email address, or any data that can be used, either on its own or with any other information, to contact, identify, or locate a person.
How PII is determined?
In response to businesses collecting and storing more and more individuals’ PII (also known as personal data), individuals and regulators have been applying greater scrutiny to how businesses use and safeguard that data. As a result, various jurisdictions have passed legislation to limit the use, distribution, and accessibility of PII, while allowing companies who need it to manage the data safely.
As PII (or personal data) is a legal concept rather than a technical concept, legislation around PII varies across different jurisdictions. The GDPR in the European Union, HIPAA, and PCI in the United States, state laws like CalOPPA and other data breach laws, and other regulations control what defines PII. Which data is classified as PII may also differ by use case. For instance, depending on the jurisdiction or your use case, IP addresses may or may not be considered PII.
How Blitzz manages PII?
Blitzz takes the management of our customers’ information seriously. We have software, configurations, processes, and guidelines for managing data internally to keep your data safe and secure. Inside Blitzz' systems, we manage data that could be PII in different ways.
- Blitzz is committed to making clear which data is managed as PII in our system to help you make sure your data is managed the right way for your jurisdictions and use cases.
- Blitzz has a Data Protection Addendum which extends the specification of your legal relationship with Blitzz and can help clarify how Blitzz manages data on your behalf.
- If you are in Europe, this document clarifies how we manage data where some parts of your data may originate in Europe. Note: While you may not be in Europe or a phone number may not be European, the person at the other end of the phone could be a European in Europe.
Powerful features like Blitzz' Phone Number redaction, Email Address redaction, and Call Recording Encryption allow you to remove PII or encrypt it so no one can see it but you.
Blitzz manages PII in Blitzz' documentation as though they contain PII, also known as personal information or personal data (Eg. Host login email address, Guest Phone Number, Email Address). This means that the Blitzz engineering team implements appropriate technical and organizational security controls as appropriate to the risk associated with that data.
For example, data will not be visible to Blitzz' employees unless they are acting as a surrogate for you (e.g., debugging on your behalf, with your permission) or have some other legitimate businesses need to access it. As well, values are anonymized or removed when we need to hold on to information for statistical analysis, reporting, and capacity planning - none of which require the PII itself. Names, your end users’ phone numbers, or recordings of video calls and chats are all examples of fields that Blitzz treats as containing PII. Phone numbers that are used to send SMS messages, whether a long code or shortcode, because they are owned by Blitzz, are managed differently from non-Blitzz numbers.
PII management when you leave Blitzz
When you leave Blitzz following a reasonable grace period to allow you to change your mind, all PII data is anonymized or scheduled for deletion from Blitzz' systems where possible after 30 days.
Non-PII fields (Eg. Reference Field) are stored in Blitzz and may be used for counting or other operations as Blitzz runs its systems. These fields generally cannot be redacted or removed.
In some instances, you might be able to control the data in these fields. You should take care not to place PII in fields with this designation. Blitzz does not treat this data as PII, and its value may be visible to Blitzz employees, stored long-term, and may continue to be stored after you’ve left Blitzz' platform.
If you think you need to put PII in these fields, please check with our support team to see if there’s a better way to manage your data.