Private Information Management Initiative -- Faculty and Staff Responsibilities
All RIT faculty and staff are expected to follow the Private Information Management Initiative (PIMI) remediation requirements below:
- Review paper files for Private information.
- Scan RIT computers with Identity Finder for Private information (if Identity Finder is not available, scanning with an alternative tool or reviewing the computer for Private Information is recommended). The Information Security Office will initiate scans of most computers monthly.
- Scan or review personal/home computers, portable devices, and media for Private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License).
- Inform your manager in writing if there is a compelling business reason for retaining private information. Promptly secure the information in compliance with the RIT Information Access and Protection Standard.
- Notify and receive approval from your PIMI Information Steward/Management Representative.
- If you're unable to remediate the information found within Identity Finder, please redact (securely erase or securely destroy) unnecessary private information.
- Complete the Digital Self Defense 103 (2009) Information Handling course. (Center for Professional Development, online) *Note: this requirement is waived if he or she does not handle RIT Private or Confidential information.
Additional Requirements for Department Managers
- Ensure faculty and staff have reviewed paper files and scanned or reviewed electronic files.
- Ensure faculty and staff have redacted, securely erased or securely destroyed unnecessary Private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License).
- Receive authorization to retain any Private information from the Divisional VP/Information Steward/Management Representative and the Information Security Office.
- Secure the remaining Private Information in compliance with the RIT Information Access and Protection Standard.