Protecting Personally Identifiable Information
Many departments at MSU Denver handle sensitive and confidential information about individuals – also known as Personally Identifiable Information (PII). Safeguarding PII is imperative due to the high risk of identity theft or financial loss posed to individuals and to the University in the event of improper disclosure.
What is PII?
PII includes any information that can be used to uniquely identify, contact, locate, or impersonate an individual or can be used with other information to uniquely identify a person.
General PII
General PII provides general information about a person, but is not considered sensitive unless it is paired with other PII. General PII includes:
- Name
- Email address
- Home address
- Phone number
Sensitive PII
Sensitive PII includes any information that can be used to uniquely identify, contact, locate, or impersonate an individual. It is always considered confidential. Sensitive PII includes:
- Social Security Number (SSN)
- Educational records protected by FERPA
- Driver’s license number
- Passport number
- Alien registration number
- Financial account numbers (bank, credit card, etc.)
- Biometric identifiers
- Protected Health Information (PHI), which is protected by HIPAA
Combining PII Increases Risk
Combining PII with another identifier makes it sensitive PII, because the combined information may be used to uniquely identify a person.
If paired with another identifier, the following become sensitive PII:
- Last 4 digits of SSN
- Mother’s maiden name
- Date of birth
- Place of birth
- Medical information
- Account passwords
- Citizenship or immigration status
- Ethnic or religious affiliation
- Sexual orientation
- Criminal history
- Zip code
MSU Denver’s Commitment to Protect PII
MSU Denver is committed to protecting the PII of its students, faculty, staff, and other individuals associated with the University. Please do your part in protecting the PII entrusted to you.
It is the responsibility of all departments and employees to:
- Take stock.
Know what PII you have in your files and on your computers.
- Scale down.
Keep only what you need.
- Lock it.
Protect the information that you keep. This includes physical and electronic security.
- Pitch it.
Properly dispose of what you no longer need.
- Share and store cautiously.
Never send PII via email or store on cloud services, such as Dropbox or OneDrive.
- Report it.
Immediately report all suspected or confirmed privacy incidents to the ITS Service Desk.
Properly Handling PII at Work
Consider the following when handling PII:
- PII could be in your file cabinet, in your desk, on your computer, laptop, memory stick, PDA, etc.
- Collect only the information you are legally allowed to collect and only what you need to perform your specify business function.
- Be sure to follow procedures for shredding documents containing PII, including CDs.
- Adopt a “clean-desk policy”: Don’t leave documents with PII on your desk.
- Lock up documents with PII overnight and on weekends.
- Lock your computer when you step away from the keyboard.
- Don’t leave sensitive PII in a voice mail message or send it in an email.
- Protect printed or faxed documents that contain PII.
- Don’t take or send MSU Denver records with PII or other confidential information home unless authorized to do so.
- Use strong passwords and never share them!
Want to learn more?