Best Practices Guide for Information Collection/Manipulation
Introduction - What is Personal/Private Information?
Identity theft is a very real threat in today's technology dependent society. UM-Flint employees must do their part to avoid endangering personal information. To help the campus community towards this goal, ITS provides this guide to advise users on some safety measures that should be employed when working with electronic forms. It is also recommended that form designers refer to UM-Ann Arbor's Privacy Matters campaign. This guide is not designed to cover every legal aspect of gathering personal information by electronic means, but merely to begin to educate form designers.
Private Personal Information (PPI) is any information about a person that can be used to identify, contact, or locate the person. All of the items listed below are considered Private Personal Information and should be treated as highly confidential, especially when gathered together:
- Full Name
- Birth Date
- SSN (or other national identification number)
- Driver's License Number
- Credit Card Number
- Student Records
- Patient Health Information that can be used to indentify an individual
- Human Subject Research that can be used to identify an individual
Collecting PPI - Do you really need it?
Accessing and Saving PPI
When it is necessary to gather PPI employ these tips to keep the information safe:
- Don't export response results from FormAssembly unless it is absolutely necessary to work with the data.
- If you must export response results make sure they are stored in a secure location and don't leave multiple copies lying around.
- Do NOT store files containing PPI on departmental drives or where unauthorized persons could potentially access them.
- After you are done working with exported results delete them as soon as possible using one of these secure methods for deletion:
- For Windows computers:
- Use the Secure delete command.
- Use a Windows virtual file shredder program such as Heidi Eraser or ShredIt for Windows.
- For Mac computers:
- Use "Secure Empty Trash" command.
- Use file shredder software such as ShredIt.
- If you must make paper print-outs of PPI make sure that they are properly disposed of - cross-cut shredders are the preferred method. Do not leave print-outs lying around a meeting room after they are used.
- Don't discuss PPI in public areas where other people might hear your discussion.