Calendar A-Z Index School of Arts and Sciences University of Pennsylvania

PII @ Penn

How PII is used at Penn, the rules and policy governing PII, and material to address specific scenarios at Penn.

Grades

Grades are definitely considered to be sensitive data. They are protected by federal FERPA (Family Educational Rights and Privacy Act) statutes and anyone who deals with grades must take care that they are not revealed improperly.

Instructors are responsible for the security of the grades of the students in their classes. For many professors, this means making sure that grade sheets are stored electronically on a shared drive.

I Already Did SPIA

Great! That means you have already taken an important first step toward protecting your data.

Is PII My Problem?

In a word, yes. There is no magic wand that some IT guru at Penn can wave in order to make sure that sensitive data is kept secure on every computer and in every desk. It is up to each individual who works at Penn and performs critical university functions related to this data to ensure that they are following best practices and complying with university policy.

The Social Security Number Policy, in particular, explicitly holds every individual staff and faculty member responsible for compliance.

I Have PII, What Now?

The first thing you need to do is decide whether the sensitive data that you have is something that you need to keep or whether it should be destroyed to prevent it from falling into the wrong hands.

What is the Minimum I Have to do?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed tempor interdum leo, ac volutpat justo feugiat sed. Curabitur venenatis congue arcu id blandit. Duis accumsan vulputate tellus ac tincidunt. Aenean ut metus libero, eget aliquam ipsum. Nam eu nunc et eros placerat posuere eu sit amet arcu. Nam gravida nulla in tortor aliquam mattis. Etiam egestas mattis urna in congue. Pellentesque non scelerisque urna. Pellentesque a felis eget augue suscipit faucibus. Cras bibendum eros eget nulla porta congue. Aenean scelerisque lectus sed nibh elementum eu malesuada neque pulvinar.

Eliminating PII

Securely destroying sensitive data that you no longer need to keep is an important step in information security.

I Don't Have Any PII

A lot of computer users on campus believe that they don't have any sensitive data on their computers. Some of them no doubt are correct, but many of them are mistaken.

PII can lurk in many places on a user's computer: in the browser cache; in the 'downloads' folder if they've downloaded lists or other data; and in folders that have been copied forward for years whenever the person gets a new machine, just to name a few examples.

What is Identity FInder

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed tempor interdum leo, ac volutpat justo feugiat sed. Curabitur venenatis congue arcu id blandit. Duis accumsan vulputate tellus ac tincidunt. Aenean ut metus libero, eget aliquam ipsum. Nam eu nunc et eros placerat posuere eu sit amet arcu. Nam gravida nulla in tortor aliquam mattis. Etiam egestas mattis urna in congue. Pellentesque non scelerisque urna. Pellentesque a felis eget augue suscipit faucibus. Cras bibendum eros eget nulla porta congue. Aenean scelerisque lectus sed nibh elementum eu malesuada neque pulvinar.

Tools

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed tempor interdum leo, ac volutpat justo feugiat sed. Curabitur venenatis congue arcu id blandit. Duis accumsan vulputate tellus ac tincidunt. Aenean ut metus libero, eget aliquam ipsum. Nam eu nunc et eros placerat posuere eu sit amet arcu. Nam gravida nulla in tortor aliquam mattis. Etiam egestas mattis urna in congue. Pellentesque non scelerisque urna. Pellentesque a felis eget augue suscipit faucibus. Cras bibendum eros eget nulla porta congue. Aenean scelerisque lectus sed nibh elementum eu malesuada neque pulvinar.

Sharing Records

Sometimes it can be difficult to know when it is ok to share sensitive data. After all, for some functions carried out by Penn there is a legitimate need to use that information -- for example, as an educational institution we have to use information about grades and academic status.

Syndicate content