PII: Guidelines for Assuring Privacy of Information
February 2011: Please note, this article on PII, published in 2006,
is no longer up-to-date.
Please instead see the
SLAC PII policy.
SLAC staff who have access to Personally Identifiable Information (PII) or confidential and private information are to follow these guidelines to help insure the security of this information:
- Office or department doors are to be locked when no staff is working within the area.
- Documents containing PII or confidential and private information are to be kept in cabinets that are locked when staff is not present.
- Staff are to lock their cabinets, desks and filing cabinets if they contain PII or private and confidential information.
- Documents containing PII are not to be sent through the mail system and should be distributed only on the basis of critical business need. They are to be hand-carried to the recipient only in those cases.
- All hard copy documents containing private and confidential information (but not PII) that are sent through the mail system are sealed with "confidential" stickers.
- All documents containing PII or private and confidential information are shredded once they are no longer in use.
- Staff are to lock out of their computers whenever they leave their work stations.
- Private and confidential information is not to be sent via the email system
unless there is a critical business need to do so; PII should never
be sent through the email system.
- Personal Digital Assistants (PDAs), laptop computers and other portable electronic devices which may contain PII should be secured when possible.
- Personal Identity Information should not be saved to local drives on laptops, desktop computers, or on personal storage devices without explicit approval based on business necessity.
- Simply moving files containing PII into the Recycle Bin is insufficient to ensure the information has been successfully and safely cleared from the system. Staff will use appropriate software to be distributed by SCCS that will enable all users to better protect themselves and their colleagues from identity theft.
- All employees who have access to any private or confidential information are required to sign a Confidentiality Agreement and a SLAC Individual Certification form which is retained in his/her personnel file.