Direct answer: The appropriate practice is to clearly label the outside of the drive to indicate that it contains PII, and to include a minimal, non- sensitive identifier inside the drive (such as a README) that documents ownership, handling requirements, and data classification. Do not rely on the drive’s contents alone to convey sensitivity, and ensure that labeling aligns with your organization's data-handling policies and any governing regulations. Details and rationale

• External labeling: Clearly mark the portable drive’s exterior with a concise statement that it contains Personally Identifiable Information (PII). This helps authorized personnel handle the device correctly without needing to inspect its contents. Ensure the label is unobtrusive and compliant with your organization’s labeling standards.
• Readme/internal documentation: Include a README file on the drive summarizing the data type, data owner or department, contact for access inquiries, and any encryption or security requirements. This supports proper usage and auditing without exposing sensitive details externally.
• Encryption and access controls: Pair labeling with strong protection, such as full-disk encryption and approved access controls. PII should be encrypted at rest and during transport, per organizational security guidelines.
• Compliance alignment: Ensure labeling and handling reflect applicable policies (e.g., internal data classification schemes, privacy requirements, and safeguarding standards). Some frameworks mandate explicit PII labeling and secure disposal procedures.
• Disposal and transport: Labeling should be accompanied by procedures for secure transport and disposal of drives containing PII, including methods for decommissioning and destruction when appropriate.

If you’d like, share your organization’s specific data classification policy or any applicable regulatory framework (e.g., internal policy, NIST guidance, or sector-specific rules). This will help tailor the labeling language and accompanying documentation to your exact requirements.