PII: Guidelines for Assuring Privacy of Information

February 2011: Please note, this article on PII, published in 2006, is no longer up-to-date.
Please instead see the SLAC PII policy.

SLAC staff who have access to Personally Identifiable Information (PII) or confidential and private information are to follow these guidelines to help insure the security of this information:

Physical Security:

Office or department doors are to be locked when no staff is working within the area.
Documents containing PII or confidential and private information are to be kept in cabinets that are locked when staff is not present.
Staff are to lock their cabinets, desks and filing cabinets if they contain PII or private and confidential information.
Documents containing PII are not to be sent through the mail system and should be distributed only on the basis of critical business need. They are to be hand-carried to the recipient only in those cases.
All hard copy documents containing private and confidential information (but not PII) that are sent through the mail system are sealed with "confidential" stickers.
All documents containing PII or private and confidential information are shredded once they are no longer in use.

Computer Security:

Staff are to lock out of their computers whenever they leave their work stations.
Private and confidential information is not to be sent via the email system unless there is a critical business need to do so; PII should never be sent through the email system.
Personal Digital Assistants (PDAs), laptop computers and other portable electronic devices which may contain PII should be secured when possible.
Personal Identity Information should not be saved to local drives on laptops, desktop computers, or on personal storage devices without explicit approval based on business necessity.
Simply moving files containing PII into the Recycle Bin is insufficient to ensure the information has been successfully and safely cleared from the system. Staff will use appropriate software to be distributed by SCCS that will enable all users to better protect themselves and their colleagues from identity theft.

Procedural Security:

All employees who have access to any private or confidential information are required to sign a Confidentiality Agreement and a SLAC Individual Certification form which is retained in his/her personnel file.

Handy Links

SLAC News Center

SLAC Today

SLAC News

Lab News

SLAC Links

Stanford

Around the Bay

PII: Guidelines for Assuring Privacy of Information



Handy Links SLAC News Center News Center home page SLAC Today SLAC Today Subscribe Archives: Feb 2006-May 20, 2011 Archives: May 23, 2011 and later Submit Feedback or Story Ideas About SLAC Today SLAC News SSRL Headlines symmetry magazine TIP Archives Lab News Interactions Lightsources.org ILC NewsLine Int'l Science Grid This Week Fermilab Today Berkeley Lab News @brookhaven TODAY DOE Pulse CERN Courier DESY inForm US / LHC SLAC Links Emergency Safety Policy Repository Site Entry Form Site Maps M & O Review Computing Status & Calendar SLAC Colloquium SLACspeak SLACspace SLAC Logo Café Menu Flea Market Web E-mail Marguerite Shuttle Discount Commuter Passes Award Reporting Form SPIRES SciDoc Activity Groups Library Stanford Stanford University Stanford Report Stanford Events Life on Campus Around the Bay Bay Area Traffic Bay Area Weather Caltrain BART	PII: Guidelines for Assuring Privacy of Information February 2011: Please note, this article on PII, published in 2006, is no longer up-to-date. Please instead see the SLAC PII policy. SLAC staff who have access to Personally Identifiable Information (PII) or confidential and private information are to follow these guidelines to help insure the security of this information: Physical Security: Office or department doors are to be locked when no staff is working within the area. Documents containing PII or confidential and private information are to be kept in cabinets that are locked when staff is not present. Staff are to lock their cabinets, desks and filing cabinets if they contain PII or private and confidential information. Documents containing PII are not to be sent through the mail system and should be distributed only on the basis of critical business need. They are to be hand-carried to the recipient only in those cases. All hard copy documents containing private and confidential information (but not PII) that are sent through the mail system are sealed with "confidential" stickers. All documents containing PII or private and confidential information are shredded once they are no longer in use. Computer Security: Staff are to lock out of their computers whenever they leave their work stations. Private and confidential information is not to be sent via the email system unless there is a critical business need to do so; PII should never be sent through the email system. Personal Digital Assistants (PDAs), laptop computers and other portable electronic devices which may contain PII should be secured when possible. Personal Identity Information should not be saved to local drives on laptops, desktop computers, or on personal storage devices without explicit approval based on business necessity. Simply moving files containing PII into the Recycle Bin is insufficient to ensure the information has been successfully and safely cleared from the system. Staff will use appropriate software to be distributed by SCCS that will enable all users to better protect themselves and their colleagues from identity theft. Procedural Security: All employees who have access to any private or confidential information are required to sign a Confidentiality Agreement and a SLAC Individual Certification form which is retained in his/her personnel file.