Private Information Handling Quick Reference
PRIVATE INFORMATION HANDLING QUICK REFERENCE TABLE
This table provides recommendations on the correct handling of Private Information at RIT.
New York State defines Private Information (PI) as any personal information concerning a natural person combined with one or more of the following data elements: Social Security number, driver's license number, account number, or credit or debit card number in combination with any required security code.
Digital Self Defense 103 - Information Handling fulfills the training requirement for handling RIT Private or Confidential Information.
Consult the Spirion (Formerly Identity Finder) End User Guide for Windows or Mac for more information.
Situation |
Spirion Instructions (Preferred) |
General Instructions (Use if Spirion is NOT available) |
---|---|---|
I no longer need the files containing the Private Information |
Delete the files using the "Shred" command. This can be done from within the Spirion interactive scan report or by right-clicking on the file or folder and choosing "Spirion/Shred." If you are unable to delete the file, contact your help desk. |
Delete the files securely. Use a secure file deletion utility such as Eraser. Contact your systems administrator or the RIT Service Center for recommended products. |
I need to keep the files, but I don't need the Private Information |
Sanitize the information by using the "Scrub" command. This can be done from within the Spirion interactive scan report. Spirion will replace the Private Information with x's. Note that this option is not available for all file types. |
Sanitize the documents by deleting any Private Information such as Social Security Numbers (SSNs) or credit card numbers. Save a new copy of the sanitized document and delete the original file. |
I need to continue to have a unique identifier for each individual |
Sanitize the information by using the "Scrub" command. This can be done from within the Spirion interactive scan report. Spirion will replace the Private Information with x's. Open the file and replace the x's with unique identifiers not based on the SSN. |
Sanitize the documents by eliminating the Private Information. Convert SSNs to University Identification Numbers (UIDs). |
Situation |
General Instructions for Handling Private Information |
---|---|
I need to keep the complete files containing the Private Information |
Unnecessary possession of Private Information should be eliminated.
In addition, SSNs shall be maintained when required by either court order, subpoena, or by direction of the Office of Legal Affairs.
Contact the RIT Service Center or the RIT Information Security Office for more recommended practices. |
I need to carry the files on a portable computer, device, or media (e.g., Laptops, Flash Drives, CD/DVDs, smartphones) |
Unnecessary possession of Private Information should be eliminated.
In addition, SSNs shall be maintained when required by either court order, subpoena, or by direction of the Office of Legal Affairs.
Inform your manager and your Information Steward/Management Representative of the need to retain Private Information. |
I no longer need the portable media or hard drive, how do I dispose of them securely? |
The RIT Information Security Office provides the following secure disposal recommendations:
A degausser and media shredder are available at the RIT Service Center in Booth 07B. |
Links:
- Data Loss Prevention Overview
- Faculty and Staff Responsibilities
- Private Information Handling Quick Reference
- Private Information Decision Tree
- Private Information Management FAQ
- Spirion (Formerly Identity Finder) End User Documentation
- Technical and Management Representatives