Personally Identifiable Information
Definition: Personally Identifiable Information (PII) is any data that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
Governing Authority: Sensitive Data Policies and Regulatory Compliance
Responsible Operating Unit: Legal Affairs
Examples: Data elements included under this category of information are: social security number, credit/debit card number, bank account number, driver's license number, passport number, date of birth. PII can be obtained from employees, students, or donors.
Special Considerations: PII should be accessed only on a strictly need-to-know basis and handled and stored with care. While social security numbers are a type of PII, the legal requirements for protecting them are much more stringent than for other PII types. Additionally, PID numbers by themselves are not considered sensitive or personally identifiable information.
Acceptable IT Services & Tools:
- OnBase - With OIT consultation.
- OneDrive/O365 Groups - Only with OIT consultation and Group setup according to the Storing Sensitive Data within OneDrive Standard.
- NAS departmental shared storage (shared.ohio.edu) - With OIT consultation to ensure data is encrypted.
- NAS individual home storage (home.ohio.edu) - With OIT consultation to ensure data is encrypted.
Not Permitted IT Services & Tools:
- OneDrive/O365 individual accounts
- Personal cloud accounts
- Personal/Non-University owned devices
If the IT service or tool you wish to use to store data classified as medium or high sensitivity is not listed, contact Information Security to determine whether it is appropriate for your data type.