PII – Best Practices

  • PII
  • What is Public PII?
  • What is Protected PII?
  • Incident Reporting

Personal Identifiable Information

Any information pertaining to an individual that can be used to distinguish or trace a person’s identity. Some information that is considered PII is available in public sources such as telephone books, public websites, university listings, etc.

Best Practices – Preventative

If you don’t need it, don’t collect or store it – Only request information that is needed to complete your task, do not store PII data unless absolutely necessary.

Do not leave files or documents containing PII information unsecured and unattended on desks, printers, personal computers, copiers, phones or fax machines.

Do not send or forward emails with PII to personal email (any non-KCC email account).

Do not upload PII to unauthorized websites.

Do not use unauthorized mobile devices to access PII.

Lock up portable devices (laptops, tablets, smart phones).

Clear your web browser history to avoid other users accessing PII.

Disable auto-fill settings on your browser.

Taking notes when helping an end user might be necessary, when you are finished they should be shredded immediately.

Any time you step away from your computer, you should lock it to avoid the chance of unauthorized individuals gaining access to the computer and potential PII.

If end user mistakenly or accidentally leaves behind PII at a facility or event hosted by KCC, the PII information should be stored in a safe location, and they should be contacted as soon as possible.

Public PII

The following additional types of PII may be transmitted electronically without protection because they are not considered sufficiently sensitive to require protection.

  • First Name
  • Last Name
  • Address
  • Work telephone number
  • Work email address
  • Home telephone number
  • General education credentials
  • Photos and video

If a question arises about what is or isn’t PII, please contact the Information Services Help Desk 269-965-4148.

Protected PII

Protected PII is defined as PII which, when disclosed, could result in harm to the individual whose name or identity is linked to the information.

For the purpose of determining which PII may be electronically transmitted, the following types of PII are considered sensitive when they are associated with an individual. Secure methods must be employed in transmitting this data when associated with an individual.

  • Social Security Number
  • Username and password
  • Passport number
  • Credit card number
  • Clearances
  • Banking information
  • Biometrics
  • Date and place of birth
  • Mother’s maiden name
  • Driver’s License number
  • Criminal, medical and financial records
  • Educational transcripts
  • Photos and video including any of the above

If a question arises about what is or isn’t PII, please contact the Information Services Help Desk 269-965-4148.

Incident Reporting

The Information Services Department must be informed of a real or suspected disclosure of Protected PII data within 12 hours after discovery; e.g. misplacing a paper report, loss of a laptop, mobile device, or removable media containing PII, accidental email of PII, possible virus or malware infection on a computer containing PII.

Please fill out a Work Order with as much information as possible so we may attempt in recovery of the protected PII.