How to Store Personally Identifiable Information (PII)
- Personally identifiable information (PII) is any data that can be used to identify a specific individual, such as social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number.
- The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
- When emailing Sensitive PII within or outside of the College, make sure to encrypt it. Never email Sensitive PII to a personal email account.
- Do not leave Sensitive PII unattended on desks, printers, fax machines, or copiers.
- Encrypt Sensitive PII stored on USB flash drives prior to mailing.
- Credit card information subject to the Payment Card Industry Data Security Standard (PCI DSS) cannot be stored. “If you don’t need it, don’t store it.”
You must report all privacy incidents, whether suspected or confirmed, to your supervisor or OIT InfoSec immediately.
Thank you for your cooperation.
OIT InfoSec