PII: What is it?

February 2011: Please note, this article on PII, published in 2006, is no longer up-to-date.
Please instead see the SLAC PII policy.

What is PII:

Social Security Numbers in any form
Place of Birth associated with an individual
Date of birth associated with an individual
Mother's maiden name associated with an individual
Biometric record associated with an individual
- Fingerprint
- Iris scan
- DNA
Medical history information associated with an individual
- Medical conditions, including history of disease
- Metric information, e.g. weight, height, blood pressure
Criminal history associated with an individual
Employment history and other employment information associated with an individual
- Ratings
- Disciplinary actions
- Performance elements and standards (or work expectations) are PII when they are so intertwined with performance appraisals that their disclosure would reveal an individual's performance appraisal.
Financial information associated with an individual
- Credit card numbers
- Bank account numbers
Security clearance history or related information (not including actual clearances held)

What isn't PII:

Phone numbers (work, home, cell)
Street addresses (work and personal)
Email addresses (work and personal)
Digital pictures
Birthday cards
Birthday emails
Medical information pertaining to work status (X is out sick today)
Medical information included in a health or safety report
Employment information that is not PII even when associated with a name
- Resumes, unless they include an SSN
- Present and past position titles and occupational series
- Present and past grades
- Present and past annual salary rates (including performance awards or bonuses, incentive awards, merit pay amount, Meritorious or Distinguished Executive Ranks, and allowances and differentials)
- Present and past duty stations and organization of assignment (includes room and phone numbers, organization designations, work e-mail address, or other identifying information regarding buildings, room numbers, or places of employment)
- Position descriptions, identification of job elements, and those performance standards (but not actual performance appraisals) that the release of which would not interfere with law enforcement programs or severely inhibit agency effectiveness
- Security clearances held
- Written biographies (like the ones used in conference materials)
- Academic credentials
  - Academic credentials, e.g. Ph.D, MS, BS, AA
  - Schools attended
  - Major or area of study
Personal information stored by individuals about themselves on their assigned workstation or laptop (unless it contains a SSN)

Definitions:

Possession

This means that you have either a paper or electronic copy of the data physically in your office, car, home, or on your person that can be removed from SLAC merely by physically walking off with it.
- Simply viewing data on a display/monitor where the data itself resides on a computer not located in your office does not count as possession. Examples are the Z drive or in PeopleSoft.
- Copying data to your local hard drive such as the C drive is possession.
- Having the a CD or memory stick that stores PII counts as possession.
- Possession is not determined by who owns the device containing the data (in other words, whether it belongs to you or to SLAC). It is only determined by where the data is located.
- If the electronic device is capable of storing data without being connected to a power source (your C drive, external drives, floppy disks, memory sticks, CDs of any sort, etc.), the data is retained even if you delete the file (this only deletes the pointer to the file location).

Custodiann

If you possess PII, then you are automatically the custodian of that PII.

Privacy/Security/Confidentialityy

SLAC has other policies that apply to data and system access that must be kept private and out of the public domain. The PII responsibilities are in addition to these other policies, and do not replace or modify them. In the case of a conflict, the most secure or conservative interpretation should be used.

Handy Links

SLAC News Center

SLAC Today

SLAC News

Lab News

SLAC Links

Stanford

Around the Bay

PII: What is it?



Handy Links SLAC News Center News Center home page SLAC Today SLAC Today Subscribe Archives: Feb 2006-May 20, 2011 Archives: May 23, 2011 and later Submit Feedback or Story Ideas About SLAC Today SLAC News SSRL Headlines symmetry magazine TIP Archives Lab News Interactions Lightsources.org ILC NewsLine Int'l Science Grid This Week Fermilab Today Berkeley Lab News @brookhaven TODAY DOE Pulse CERN Courier DESY inForm US / LHC SLAC Links Emergency Safety Policy Repository Site Entry Form Site Maps M & O Review Computing Status & Calendar SLAC Colloquium SLACspeak SLACspace SLAC Logo Café Menu Flea Market Web E-mail Marguerite Shuttle Discount Commuter Passes Award Reporting Form SPIRES SciDoc Activity Groups Library Stanford Stanford University Stanford Report Stanford Events Life on Campus Around the Bay Bay Area Traffic Bay Area Weather Caltrain BART	PII: What is it? February 2011: Please note, this article on PII, published in 2006, is no longer up-to-date. Please instead see the SLAC PII policy. What is PII: Social Security Numbers in any form Place of Birth associated with an individual Date of birth associated with an individual Mother's maiden name associated with an individual Biometric record associated with an individual Fingerprint Iris scan DNA Medical history information associated with an individual Medical conditions, including history of disease Metric information, e.g. weight, height, blood pressure Criminal history associated with an individual Employment history and other employment information associated with an individual Ratings Disciplinary actions Performance elements and standards (or work expectations) are PII when they are so intertwined with performance appraisals that their disclosure would reveal an individual's performance appraisal. Financial information associated with an individual Credit card numbers Bank account numbers Security clearance history or related information (not including actual clearances held) What isn't PII: Phone numbers (work, home, cell) Street addresses (work and personal) Email addresses (work and personal) Digital pictures Birthday cards Birthday emails Medical information pertaining to work status (X is out sick today) Medical information included in a health or safety report Employment information that is not PII even when associated with a name Resumes, unless they include an SSN Present and past position titles and occupational series Present and past grades Present and past annual salary rates (including performance awards or bonuses, incentive awards, merit pay amount, Meritorious or Distinguished Executive Ranks, and allowances and differentials) Present and past duty stations and organization of assignment (includes room and phone numbers, organization designations, work e-mail address, or other identifying information regarding buildings, room numbers, or places of employment) Position descriptions, identification of job elements, and those performance standards (but not actual performance appraisals) that the release of which would not interfere with law enforcement programs or severely inhibit agency effectiveness Security clearances held Written biographies (like the ones used in conference materials) Academic credentials Academic credentials, e.g. Ph.D, MS, BS, AA Schools attended Major or area of study Personal information stored by individuals about themselves on their assigned workstation or laptop (unless it contains a SSN) Definitions: Possession This means that you have either a paper or electronic copy of the data physically in your office, car, home, or on your person that can be removed from SLAC merely by physically walking off with it. Simply viewing data on a display/monitor where the data itself resides on a computer not located in your office does not count as possession. Examples are the Z drive or in PeopleSoft. Copying data to your local hard drive such as the C drive is possession. Having the a CD or memory stick that stores PII counts as possession. Possession is not determined by who owns the device containing the data (in other words, whether it belongs to you or to SLAC). It is only determined by where the data is located. If the electronic device is capable of storing data without being connected to a power source (your C drive, external drives, floppy disks, memory sticks, CDs of any sort, etc.), the data is retained even if you delete the file (this only deletes the pointer to the file location). Custodiann If you possess PII, then you are automatically the custodian of that PII. Privacy/Security/Confidentialityy SLAC has other policies that apply to data and system access that must be kept private and out of the public domain. The PII responsibilities are in addition to these other policies, and do not replace or modify them. In the case of a conflict, the most secure or conservative interpretation should be used.