Sensitive Personal Identifying Information (PII) is defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual(1).
In general terms it is any information that could be used by criminals to conduct identity theft, blackmail, stalking, or other crimes against an individual. Federal and State laws, and University regulations dictate how this information must be stored, transmitted, and processed.
Northeastern requires that all laws and regulations are followed to ensure the protection and safety of our community. Contact the Office of Information Security (firstname.lastname@example.org) for more information about PII.
Sensitive PII include:
- Social security numbers
- Bank account numbers
- Passport information
- Healthcare related information
- Medical insurance information
- Student information
- Credit and debit card numbers
- Drivers license and State ID information
This table describes the different sets of regulations:
|Handling of this type of information||Must be in compliance with this law, regulation or policy…||Which can be read at this location…|
|Student information||Family Educational Rights and Privacy Act (FERPA) of 1974||http://www.neu.edu/registrar/ferpa.html|
|Ex: educational records including grades, transcripts, class schedule, billing records *|
|Protected health information (PHI)||Health Insurance Portability and Accountability Act (HIPAA) of 1996||http://www.neu.edu/adminm/HIPAA_Privacy_Practices.pdf|
|Ex: any health information created or received by a health care entity that includes individually identifiable information *|
|Social Security Number (SSN) and Personal Information||NU Policy on Collection, Handling and Use of the Social Security Number and Personal Information||http://www.northeastern.edu/infoservices/wp-content/uploads/ssnpolicy.pdf|
|Social Security Numbers *|
|Personal Identifying Information (Pii)||Massachusetts Data Protection Laws (MA201 CMR 17.00)||http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf|
|Ex: name with bank account information, credit card number, social security number, driver’s license number *|
* Not a complete list, see statute for complete list or contact the Office of Information Security for more information.