Private Information Handling Quick Reference Table
This table provides recommendations on the correct handling of private information at RIT.
New York State defines private information (PI) as any personal information concerning a natural person combined with one or more of the following data elements: Social Security number, driver's license number, account number, or credit or debit card number in combination with any required security code.
Digital Self Defense 103 - Information Handling fulfills the training requirement for handling RIT Private or Confidential Information.
Consult the Spirion (Identity Finder) End User Documentation for Windows or Mac for more information.
Situation |
Spirion (Identity Finder) Instructions (Preferred) |
General Instructions (Use if Spirion (Identity Finder) is NOT available) |
---|---|---|
I no longer need the files containing the private information |
Delete the files using the "Shred" command. This can be done from within the Spirion (Identity Finder) interactive scan report or by right-clicking on the file or folder and choosing "Identity Finder/Shred." If you are unable to delete the file, contact your help desk. |
Delete the files securely. Use a secure file deletion utility such as Eraser. Contact your systems administrator or the RIT Service Center for recommended products. |
I need to keep the files, but I don't need the private information |
Sanitize the information by using the "Redact" command. This can be done from within the Spirion (Identity Finder) interactive scan report. Spirion (Identity Finder) will replace the Private Information with x's. Note that this option is not available for all file types. |
Sanitize the documents by deleting any private information such as Social Security Numbers (SSNs) or credit card numbers. Save a new copy of the sanitized document and delete the original file. |
I need to continue to have a unique identifier for each individual |
Sanitize the information by using the "Redact" command. This can be done from within the Spirion (Identity Finder) interactive scan report. Spirion (Identity Finder) will replace the Private Information with x's. Open the file and replace the x's with unique identifiers not based on the SSN. |
Sanitize the documents by eliminating the private information. Convert SSNs to University Identification Numbers (UIDs). |
Situation |
General Instructions for Handling Private Information |
---|---|
I need to keep the complete files containing the private information |
Unnecessary possession of Private information should be eliminated.
In addition, SSNs shall be maintained when required by either court order, subpoena, or by direction of the Office of Legal Affairs.
Contact the RIT Service Center or the RIT Information Security Office for more recommended practices. |
I need to carry the files on a portable computer, device, or media (e.g., Laptops, Flash Drives, CD/DVDs, smartphones) |
Unnecessary possession of Private information should be eliminated.
In addition, SSNs shall be maintained when required by either court order, subpoena, or by direction of the Office of Legal Affairs.
Inform your manager and your Information Steward/Management Representative of the need to retain Private information. |
I no longer need the portable media or hard drive, how do I dispose of them securely? |
The RIT Information Security Office provides the following secure disposal recommendations:
A degausser and media shredder are available at the RIT Service Center in Booth 07B. |