Data

Data Privacy Month--Private Information Disposal

This article was also published in the Quaestor newsletter of RIT's Institute Audit, Compliance, and Advisement.

Did you know that January is Data Privacy Month? 

For the last two years, we’ve focused on remediation and disposal of Private Information resident on RIT computers and we’ve made great progress. Have you thought about disposing of Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) that’s not on your computer? We encourage you to review paper filed, disks, CD/DVDs, video tapes, and any other type of storage media containing Private Information and dispose of those containing unnecessary Private Information appropriately.  Don’t forget that retention of RIT information is also governed by the Records Management Policy (C22.0).

Paper files containing Private Information pose a risk both to RIT and to the individuals whose information if in the materials. For example, on April 14th, 2011, Central Ohio Technical College found that course information had been left in a filing cabinet at an off campus storage facility, compromising the Social Security Numbers of over 600 registered students. RIT used a similar system with Social Security numbers until June 2006, when University IDs became the main means of registration and identification on campus. DataLoss DB (http://datalossdb.org/statistics) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper and digital formats. Disposing of unnecessary Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) will help ensure RIT complies with Private information laws, policies, and procedures. 

 New York State defines private information (PI) as:

any personal information concerning a natural person combined with one or more of the following data elements: Social Security number (SSN), driver's license number, account number, or credit or debit card number in combination with any required security code. These combinations of information are often used in identity theft.

The New York State Information Security Breach and Notification Act requires that RIT notify affected consumers if their Private information is compromised.

If you’re not sure of whether or not to dispose of Private Information on your computer,  check with your manager or consult the Private Information Decision Tree here https://www.rit.edu/security/content/private-information-decision-tree

For more information about the Private Information Management Initiative, check out our PIMI FAQ page https://www.rit.edu/security/content/private-information-management-initiative-pimi-faq and our Document Destruction page https://www.rit.edu/security/content/document-destruction

Subscribe to RSS - Data