Safeguarding Yours and Others' PII
Volume 6, No. 1
Have you given much thought to yours and others PII? If not, NOW IS THE TIME to get serious about protecting Personally Identifiable Information! That’s right--yours and others’ PII. Protecting personally identifiable information is everyones’ responsibility, and below are critical points to consider and practice.
1. Personally identifiable information (PII) is any data about an individual that could potentially identify that person, such as a name, fingerprints or other biometric data, email address, street address, telephone number, social security number or personal financial information.
2. Harms to an individual resulting from an information breach involving PII may include identity theft, embarrassment, or blackmail; organizational harms may include a loss of public trust, legal liability, or remediation costs.
3. What steps should you take to protect personally identifiable information?
- All paper documents or files, as well as CDs, floppy disks, zip drives, flash drives, tapes, and backups containing personally identifiable information should be stored in a locked file cabinet.
- Files containing personally identifiable information should be kept in locked file cabinets except when an employee is working on the file; employees should not leave sensitive papers out on their desks when they are away from their workstations.
- At the end of the day, employees should put files away, log off of their computers, and lock their file cabinets and office doors.
Should you wish to discuss more details about protecting yours and others’ PII, please contact the Help Desk and ask to speak with an Information Systems and Services administrator.
*This Issue’s PII Term
Term: De-identified Information
Definition: Records that have had enough PII removed or obscured such that the remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual.
Example in a sentence: Before forwarding the student’s record, the Registrar confirmed the files contained only de-identified information.
Source: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
If you have questions or need assistance, please call the Help Desk at (805) 493-3698 or send e-mail to helpdesk@callutheran.edu Additional information is available at the Computer Training Website; in addition, an archive of previous Tech Bytes issues is located at http://www.callutheran.edu/iss/training/tech_bytes/