Ohio University

Personally Identifiable Information

Definition: Personally Identifiable Information (PII) is any data that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.

Governing Authority: Sensitive Data Policies and Regulatory Compliance

Responsible Operating Unit: Legal Affairs

Examples: Data elements included under this category of information are: social security number, credit/debit card number, bank account number, driver's license number, passport number, date of birth. PII can be obtained from employees, students, or donors.

Special Considerations: PII should be accessed only on a strictly need-to-know basis and handled and stored with care. While social security numbers are a type of PII, the legal requirements for protecting them are much more stringent than for other PII types. Additionally, PID numbers by themselves are not considered sensitive or personally identifiable information.

Acceptable IT Services & Tools:

  • Qualtrics
  • PeopleSoft

Consultation Required:

  • OnBase - With OIT consultation.
  • OneDrive/O365 Groups - Only with OIT consultation and Group setup according to the Storing Sensitive Data within OneDrive Standard.
  • NAS departmental shared storage (shared.ohio.edu) - With OIT consultation to ensure data is encrypted.
  • NAS individual home storage (home.ohio.edu) - With OIT consultation to ensure data is encrypted.

Not Permitted IT Services & Tools:

  • Blackboard
  • OneDrive/O365 individual accounts
  • PeopleSoft
  • Personal cloud accounts
  • Personal/Non-University owned devices

If you don't see the IT service or tool listed that you wish to use to store data classified as medium or high sensitivity, contact Information Security to determine if it's appropriate for your data type.