Private Information

Information can be broken into three categories:

High-Risk – Data that could be used to steal an individual's identity or cause harm to the individual, and for which there are legal requirements or industry standards prohibiting or imposing financial penalties for unauthorized disclosure. Data covered by Gramm-Leach Bliley Act (GLBA) and Payment Card Industry (PCI) are in this class.
Restricted – Information assets for which there are legal requirements prohibiting or imposing financial penalties for unauthorized disclosure. Data covered by federal and state legislation, such as Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Government Records Access and Management Act (GRAMA), or the Data Protection Act, are in this class.
Confidential – Data that the College has determined should be protected because it may expose the College to loss if disclosed, but is not protected by federal or state legislation. For example a user ID in combination with a password is considered to be confidential.

The following is a compiled list of PII from various college sources.

This list is not exhaustive and should only be used as a reference for purposes of data protection. Data protection is the implementation of administrative, technical or physical measures to guard against the unauthorized access to data.

Employee Information

Social security number
Birth date/place
Home phone number
Home address
Health records
Passwords
Gender
Ethnicity
Citizenship
Citizen visa code
Veteran and disability status

Non-directory Student Information
May not be released except under certain prescribed conditions. Non-releasable information includes:

Social security number
Student ID
Courses taken
Number of course units enrolled
Schedule
Last school attended
Test scores
Advising records
Educational services received
Disciplinary actions
Student e-mail
Grades and/or grade point average

Protected Patient Health & Research Identifiers

Name
All geographic subdivisions smaller than a state (street address, city, county, precinct) Note: zip code or equivalents must be removed, but can retain first three digits if the geographic unit to which the zip code applies if the zip code area contains more than 20,000 people.
For dates directly related to the individual, all elements of dates, except year (date of birth, admission date, discharge date, date of death).
All ages over 89 or dates indicating such an age, except that you may have an aggregate category of individuals 90 and older.
Telephone number
Fax number
Email address
Social security number
Medical record number
Health plan number
Account numbers
Certificate or license numbers
Vehicle identification/serial numbers, including license plate numbers
Device identification/serial numbers
Universal resource locators
Internet protocol addresses
Biometric identifiers
Full face photographs and comparable images
Any other unique identifying number, characteristic or code

Financial/Credit Cards

Any information obtained during the offering or delivery of a financial product or service that is identifiable to an individual such as:

Name
Address
Phone number
Account balances
ACH numbers
Bank account numbers
Credit card numbers
Credit rating
Location of birth
Driver's license information
Income history
Payment history
Tax return information

Any information obtained during the processing of a credit card payment transaction that identifies individual consumers and their purchases, such as:

Account number
Expiration date
Name
Address
Social security number

Other

Legal investigations conducted by the College
Sealed bids
Trade secrets or intellectual property such as research activities
Location of assets
Linking a person with the specific subject about which the library user has requested information or materials.