Personally Identifiable Information (PII) is a category of information linked to a specific individual that would allow a person who does not have personal knowledge or the relevant circumstance, to identify the individual with reasonable certainty.
It is the policy of Kalamazoo College to protect the privacy of PII that is within its control. Federal and state information privacy laws require Kalamazoo College to protect certain elements of PII, often because of the sensitivity of the data and / or its potential for misuse for fraudulent activities or other forms of identity theft. These laws may require Kalamazoo College to self-report to the state or federal government and / or provide notice to the affected individuals if the security of certain PII is breached.
Examples of PII
Examples of Protected PII that may require legal notification of breach
- Social Security numbers
- Credit card numbers
- Financial account information
- Driver’s license numbers
Examples of Other Legally Protected PII that is considered Sensitive/Confidential
- Student Education Records
- Grades, Transcripts, Schedules
- Banking and personal financial information related to student financial aid that does not include account information (e.g. credit scores)
- Employee records (e.g. human resources)
Examples of Other Forms of PII with the potential for misuse
- Date of Birth
- User credentials (username and password)
- Partially redacted PII (e.g., last 4 digits of SSN)
- Colleague ID numbers
All electronic files that contain Protected PII will reside within a protected Kalamazoo College information system location. Protected PII is not to be downloaded or copied to any device or system.
PII will also not be sent through any form of insecure electronic communication e.g. E-mail or instant messaging systems. Significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed of improperly.
All physical files that contain Protected PII will reside within a locked file cabinet or room when not being actively viewed or modified.
When disposing of PII, the physical or electronic file should be shredded or securely deleted. For help with secure deletion please contact the Help Desk.