Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

Personally Identifiable Information (PII) refers to information used to distinguish, trace or link to an individual’s identity. PII may include sensitive and non-sensitive data.

Examples of sensitive PII include a person’s Social Security Number, driver’s license and passport numbers, biometric records, and medical, financial, and certain types of educational and employment information. It may also include photographic images, logs of geographical locations, usernames and passwords.

Examples of information not considered to be sensitive PII include a person’s name, address, publicly posted photographic images, email address and publicly shared information such as Public View directory information or news.

As a Penn employee, you may handle sensitive PII data of individuals working or studying at the University. If so, it is your responsibility to protect this data and by extension the identity of individuals it belongs to. You should work diligently to:

• Understand the sensitivity of the data you handle by reviewing Penn’s Data Risk Classification guidance.
• Discuss with your supervisor and IT support staff the best location and mechanism to store digital or physical PII data.
• Secure approval from your supervisor or data owner before you access or remove data from a digital or physical location.
• Adhere to Protecting Penn Data guidance.
• Follow the “Need to Know” rule before you share PII data with any individual or entity. Check with your supervisor and/or IT support staff when you are unsure who should have access to the PII data you manage.
• Ensure the computing device you use to access PII data is secure. Review the Desktop Security 101 tips (below) to maintain a secure computer.

Resources:

• Penn Data Risk Classification: https://www.isc.upenn.edu/security/data-classification
• Protecting Penn Data: http://www.upenn.edu/oacp/privacy/penndata/
• Desktop Security 101: https://www.isc.upenn.edu/security/aware/desktop

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/