Personally Identifying Information (PII) must always be handled with care. An important aspect of ensuring proper care is understanding how our changing work environment requires those who work with PII, or Information Owners, to maintain higher diligence in their responsibilities.
PII definition: Information that alone or in conjunction with other information identifies an individual, including an individual’s: Name, Social Security Number, date of birth, or government issued identification number.
See section 2.1.29 of the UNT System Information Security Handbook for larger list of possible PII information.
Remote work provides benefits to university employees. With those benefits comes additional risks and responsibilities for those protecting PII. The following guidance will assist you in the process of reviewing your PII handling procedures while working remote.
PII Document Accountability
Documents with PII should have the ability to be accounted for and secured. Misplaced or lost PII may result in a privacy incident and investigation. A privacy incident could place our university, its reputation, and our stakeholders at risk. Departments and individuals should communicate and plan on how PII will be addressed in a remote work situation and still maintain compliance with UNT System and local departmental policies (see links at bottom of page)
Physical documents should never go to an employee’s home. If no other option is available, the following should be considered:
|Inventory of documents should be accounted for and maintained both for the user who is taking home the document as well as the supervisor of management.||Documents need to be maintained and accounted for. Remote work increases the chance of lost or misplaced documents. Maintaining an inventory upholds accountability and awareness.|
Remote work adds additional concerns on how to transfer and protect PII. The following are guidelines to assist in making sound decisions:
|Access, store, and modify PII documents on an approved university location that is accessible by encrypted VPN when possible.||
Ideally all documents that contain PII should be stored in a secure location digitally or physically. For those that are digital the university provided VPN encrypts traffic to protect it. Storing documents on a university storage location can allow for access, storage, and even modification of the document with limited risk.
Documents with PII should not be stored or copied to a non-university device.
This includes but is not limited to computers, tablets, phones, or thumb-drives
Personal owned devices are not authorized to store university documents with PII. Storage of university information on a private device places the information at risk. University provided laptops uphold encryption and additional security protections that your personal devices will not have.
|Do not email or forward emails with PII to your personal email account.||Each employee should have an email account provided by the university. Sending a document to your private account places the document and its information at risk.|
|Do not print documents with PII from your personal printer||Personal printers maintain internal storage and when these devices are disposed of, the information stored can still be vulnerable.|
|Secure your university device and hard copy documents when not in use.||Failure to properly secure property can lead to theft, loss, or misuse resulting in a privacy incident.|
|Lock your screen when you walk away from your system.||
You never know who might be looking through windows or what website a family member might try to visit when you go for a cup of coffee. Systems used for university business should be secured and only access by authorized individuals.
Important university PII associated links:
For questions related to PII or Information Security please reach out to your local department or us directly at: firstname.lastname@example.org