Smarty and Personally Identifiable Information
PII (Personally Identifiable Information) is any information that permits the identification of an individual either directly or indirectly. What is considered to be PII varies based on industry, location, and how pieces of information are combined.
PII may include things like phone numbers, names, email addresses, social security numbers, and dates of birth.
The General Data Protection Regulation (GDPR) and The California Consumer Privacy Act (CCPA) are laws that originated to give people more control over their personal information.
Smarty (formerly SmartyStreets) takes these laws and users’ PII seriously and offers 3 effective privacy solutions to protect user privacy:
Submit Address-Only Lists
Smarty only needs an address file in order to parse, standardize and validate addresses. We don’t need any PII to validate an address and companies don’t want to share it either. Smarty is serious about security and we encourage users to send only necessary data.
Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” and that certainly applies to sending out PII will-nilly. If you don’t send out PII, you never have to worry about it getting into the wrong hands.
Sensitive PII Redaction
In the event a user does send us personally identifiable information in their address list, upon receipt, Smarty enterprise plans will seek out and eliminate any sensitive PII found. We look for data that is patterned like phone numbers, birthdays, social security numbers, and emails. We then redact that information prior to logging. Address data alone is not considered sensitive PII and is therefore logged for accounting and analysis purposes.
Enhanced Data Privacy
Enhanced Data Privacy also commonly referred to as "incognito mode" is an optional feature in the Platform that a Client may elect to purchase that prevents Client Data and or Personally Identifiable Information (PII) from ever being logged at the point of submission or Provider's APIs.
Client Data submissions are accessed only momentarily in Random Access Memory (RAM), just long enough to process and deliver results back to the Client. Upon completion of the process, any residual Client Data in the system's RAM is dumped or "garbage collected" and written over by subsequent transactions.
Sensitive PII Redaction and Enhanced Data Privacy look pretty similar. That is because they are very similar. Here are the differences in simple terms.
Sensitive PII Redaction is where we black out any PII with a metaphorical, big, black permanent marker and we leave the anonymized addresses in our logs. Enhanced Data Privacy is where we throw your entire request, addresses, PII, and all into the gaping maw of an active volcano and use a Men In Black style Neuralyzer on ourselves to wipe the event from our memories entirely.
To determine which of these options is best for your company, please contact our Enterprise Sales Team. They can help you evaluate the options and decide which solution is best for you.