Stories of identity theft and data breaches are common these days. That’s why it’s so important to protect your personally identifiable information (PII). Not only is it important to protect PII records that you may handle, it’s a requirement.
PII is an individual’s first name (or first initial) and last name with any of the following information:
- Social security number
- Passport or visa number
- Driver’s license number or state identification card number
- Credit card or bank account numbers or associated security codes or passwords
- Credit reports or similar financial records
- Full birthdate or place of birth
- Mother’s maiden name
- Criminal records of arrests, convictions or incarcerations
- Medical records with information such as disease diagnoses or vital statistics
- Official educational transcripts showing courses and grades
- Biometric data such as fingerprints or retinal scans
- Collections of security clearance information, such as a list of employees showing their clearance levels
When working with PII, remember the following mandatory protection measures:
Hardcopy PII
- Store hardcopy PII records in a locked cabinet when not in use.
- Do not remove it from the workplace.
- Shred it when it is no longer needed.
- If mailing hard copy PII, it must be in a sealed opaque envelope marked, “To be opened by addressee only,” on the outside.
Electronic PII
- Store and transmit the PII data in an encrypted form.
- Store PII data on Argonne servers and desktop computers approved for that purpose. (e.g., Lockbox)
- Use two-factor authentication when accessing PII and time-out functions requiring user re-authentication after 30 minutes of inactivity.
LMS-PROC-22: Safeguarding Protected Personally Identifiable Information addresses safeguarding PII. The Operations Security (OPSEC) program at Argonne is in place to prevent the inadvertent disclosure of sensitive information.
For questions on the protection requirements of PII, or other types of sensitive information, contact the OPSEC Program Manager at ext. 2-4888.
By Sandy Guendling, Security Programs Manager, Facilities Management and Services