What is Sensitive Personal Identifying Information (PII)
Sensitive Personal Identifying Information (PII) is defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.
In general terms it is any information that could be used by criminals to conduct identity theft, blackmail, stalking, or other crimes against an individual. Federal and State laws, and University regulations dictate how this information must be stored, transmitted, and processed.
LIU requires that all laws and regulations are followed to ensure the protection and safety of our community. Contact Information Technology at firstname.lastname@example.org for more information about PII.
Sensitive PII include:
- Social security numbers
- Academic Student information
- Date of birth, address, bio-demographical information
- Credit card and debit card information
- Passport information
- Driver’s license and state ID information
- Healthcare related information
Listed below are some key regulations:
- Cyber security framework based on Department of Commerce National Institute of Standards and Technology (NIST)
A government-issued guideline document of standards, guidelines and practices for reducing cyber risk to critical infrastructure.
- NYS Information Security Breach and Notification Act
Business in New York who own or license computerized data which includes private information must disclose any breach of the data to New York residents.
- Family Educational Rights and Privacy Act (FERPA)
All student record data including financials are considered private.
Examples: Student grades, major, and other academic/financial records
- Health Insurance Portability and Accountability Act (HIPAA/HITECH)
May apply to our clinic sites off campus
- Gramm-Leach Bliley Act (GLBA)
Federal legislation that deals with banking industry and the exchange of information.
Example: GLBA applies to LIU since we collect financial information.
- Payment Card Industry Data Security Standard (PCI-DSS)
Europay, Mastercard, Visa technical standard (EMV)
Example: Credit card transactions
Should I send confidential information via email?
Unencrypted email is not a secure method for transmitting confidential information or sensitive data over the Internet. If it is necessary to send such information, take steps to secure it by encrypting your message, taking into account the sensitivity of the data being transmitted and the level of security at the source and destination systems.
At LIU, do not send sensitive data via email unless:
- It is required by your role within the university
- You’ve been issued appropriate storage solution for more secure alternatives by IT for larger data size
Otherwise, do not use email to transmit sensitive information unless you are utilizing an IT approved method of securing the email.
For LIU’s policies concerning sensitive data, see https://it.liu.edu/about-us/it-policies.
Your role within the university
Security measures are active in LIU email along with all other LIU information systems, so if you encounter any automated alert/message for which you have a question or need help to navigate through in order to complete your work duties, please contact your local campus IT office for further assistance.
Employees interested in obtaining information/trainings about handling sensitive data, and any other personnel-related topic pertinent to employment at LIU, are encouraged to contact LIU’s University Human Resources Office.
Sensitive data sent within LIU
Email sent from one account on a central LIU email server (i.e., an Exchange server) to another email account on the LIU Exchange servers has technical and physical safeguards, and is considered secure. However, because a recipient might forward any message you send, or might have his or her LIU email configured to send all messages to an outside account, you should tag all messages containing sensitive data, even ones to LIU addresses.
Security for large files
If the information you need to send securely is a large file, you might not be able to share it securely via email; LIU restricts the size of email attachments. Please reach out to your local IT office for a secure file sharing method.