Information can be broken into three categories:
- High-Risk – Data that could be used to steal an individual's identity or cause harm to the
individual, and for which there are legal requirements or industry standards prohibiting
or imposing financial penalties for unauthorized disclosure. Data covered by Gramm-Leach Bliley Act
(GLBA) and Payment Card Industry (PCI) are in this class.
- Restricted – Information assets for which there are legal requirements prohibiting or imposing
financial penalties for unauthorized disclosure. Data covered by federal and state
legislation, such as Family Educational Rights and Privacy Act (FERPA), Health Insurance
Portability and Accountability Act (HIPAA), Government Records Access and Management
Act (GRAMA), or the Data Protection Act, are in this class.
- Confidential – Data that the College has determined should be protected because it may expose
the College to loss if disclosed, but is not protected by federal or state legislation.
For example a user ID in combination with a password is considered to be confidential.
The following is a compiled list of PII from various college sources.
This list is not exhaustive and should only be used as a reference for purposes of
data protection. Data protection is the implementation of administrative, technical
or physical measures to guard against the unauthorized access to data.
Employee Information
- Social security number
- Birth date/place
- Home phone number
- Home address
- Health records
- Passwords
- Gender
- Ethnicity
- Citizenship
- Citizen visa code
- Veteran and disability status
Non-directory Student Information
May not be released except under certain prescribed conditions. Non-releasable information
includes:
- Social security number
- Student ID
- Courses taken
- Number of course units enrolled
- Schedule
- Last school attended
- Test scores
- Advising records
- Educational services received
- Disciplinary actions
- Student e-mail
- Grades and/or grade point average
Protected Patient Health & Research Identifiers
- Name
- All geographic subdivisions smaller than a state (street address, city, county, precinct)
Note: zip code or equivalents must be removed, but can retain first three digits if
the geographic unit to which the zip code applies if the zip code area contains more
than 20,000 people.
- For dates directly related to the individual, all elements of dates, except year (date
of birth, admission date, discharge date, date of death).
- All ages over 89 or dates indicating such an age, except that you may have an aggregate
category of individuals 90 and older.
- Telephone number
- Fax number
- Email address
- Social security number
- Medical record number
- Health plan number
- Account numbers
- Certificate or license numbers
- Vehicle identification/serial numbers, including license plate numbers
- Device identification/serial numbers
- Universal resource locators
- Internet protocol addresses
- Biometric identifiers
- Full face photographs and comparable images
- Any other unique identifying number, characteristic or code
Financial/Credit Cards
Any information obtained during the offering or delivery of a financial product or
service that is identifiable to an individual such as:
- Name
- Address
- Phone number
- Account balances
- ACH numbers
- Bank account numbers
- Credit card numbers
- Credit rating
- Location of birth
- Driver's license information
- Income history
- Payment history
- Tax return information
Any information obtained during the processing of a credit card payment transaction
that identifies individual consumers and their purchases, such as:
- Account number
- Expiration date
- Name
- Address
- Social security number
Other
- Legal investigations conducted by the College
- Sealed bids
- Trade secrets or intellectual property such as research activities
- Location of assets
- Linking a person with the specific subject about which the library user has requested
information or materials.