Calendar A-Z Index School of Arts and Sciences University of Pennsylvania

PII @ Penn

How PII is used at Penn, the rules and policy governing PII, and material to address specific scenarios at Penn.

Records Retention

If you think you have too much paper around your office, you're probably right. Many academic departments and programs keep more paper than they need to -- either because they are not required to retain certain records, or because the University Records Office is actually already retaining those records if they must be kept.

Penn Policy

In brief, Penn's policies require every individual who works with sensitive data to share in the responsibility for keeping that data secure. Some important elements of the policies include:


  • Never use SSN's as an identifier unless absolutely necessary. Choose Penn ID number or another alternative if at all possible.
  • If SSN's are necessary, then data containing SSN's must be encrypted at all times.
  • A computer that stores sensitive data is subject to additional security requirements beyond, eg, an administrative workstation.

Finding Sensitive Data

Sensitive data, sometimes called PII (for personally identifiable information) can be found in a lot of places it shouldn't be, which is part of the reason there is so much publicity about it.

PII may reside on your computer, or it may be in paper records. It can also be stored in the memory of printers and fax machines.

Some people need to use PII to do their jobs (payroll, for instance) and those people need to take extra precautions to make sure they're handling the data as securely as possible. (See My work requires PII.)

PII at Penn

As cybercrime and identity theft have been on the rise, and as lawmakers have passed laws aimed at preventing these crimes, the information security landscape has been evolving over the past few years. At Penn we are always working to make sure that we meet or exceed regulatory requirements and best practices in a constantly changing environment.

Syndicate content