PII (Personally Identifiable Information) is data that is deemed confidential by law, regulation or university policy or which contains information that is highly private or personal or could lead to identity theft if mishandled. Confidential Information includes:
The process of transforming information to make it unreadable to anyone except those possessing the password to unlock the data, usually referred to as a key. Encryption can be enabled on a computer using applications such as PGP Whole Disk Encryption.
Family Educational Rights and Privacy Act of 1974 – requires protection of student information.
Health Insurance Portability and Accountability Act of 1996 – requires protection of health data; HITECH Act 2009 expanded HIPAA to include notification requirement.
Software utilized to find PII on computers and mobile devices.
The theft of Personally Identifiable Information which is then used to steal money from the person or to utilize their identity for other benefits.
Catch-all phase that covers anything bad (viruses, worms, Trojans, etc.) that can affect a computer. Malware is spread by infected email, web sites, attachments, etc.
The primary or basic software platform by which a computer controls the management and presentation of data. Example: Windows, Macintosh and Linux are the three major types of OS, whereas iTunes, Adobe Photoshop and MS Office are tools that can run on top of an OS. Computer purchases almost always include the OS, but not the individual tools. Windows was originally developed to meet business needs like word-processing and data manipulation in spreadsheets and databases. Macintosh satisfied the demand for a platform that supported software tools for customers in creative fields like movie and sound editing or graphic design. Over time, Macintosh became more business-user friendly and Windows implemented features that appealed to artists. Software tools like MS Office were originally developed for a specific OS. For example MS Office only ran on Windows and i-branded tools like iTunes, iMovie, and iPhoto only ran on Macintosh. Today, software tools are usually designed to perform on either Windows or Macintosh.
These are requirements for anyone accepting Credit Cards. See http://creditcards.rice.edu to learn more.
Software that encrypts everything on a user’s computer or mobile device, so if the computer/device is lost or stolen, the data is unreadable.
An email message that may look legitimate (e.g. from your bank) but is really a type of social engineering attempt to acquire sensitive information, such as user id and password.
Any individual’s first name (or initial) and last name in combination with :
PII shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
Redaction/redacting is the sanitizing (removal) of unnecessary information from a file to get rid of the sensitive or private parts. It is more than obscuring or hiding the information. Redaction can be done with electronic files using tools such as Identity Finder and Adobe Acrobat. It can be done with paper files as well by cutting out or blacking out the information so that it is illegible.
Information related to Rice’s business and academic activities, although not cloaked with the same level of concern or legal protection as confidential information, is still considered by Rice to be “sensitive information”. Examples of these types of information include, but are not limited to:
Organizational units must be mindful that while some information may be directory information that would not ordinarily be confidential or sensitive, there may be other reasons for not disclosing the information (e.g., if a student has requested the Registrar not release directory information about that student).
File server (computer) that provides a location for sharing storage of files with others, so everyone has access to the same version, and individuals don’t need to have data locally or share files via email.
Virtual Private Network – a way to allow private or secure communications between systems.
Data Security is everyone’s responsibility.