Collection and Retention:PII should only be collected and retained when absolutely necessary to minimize the risk of unauthorized access. Disposal:Once PII is no longer required, it should be deleted to minimize the risk of unauthorized access. Untrustworthy Sources:PII should not be ...