Each day during UC Merced’s Ethics and Compliance Week (November 4-8, 2019), we publish a daily Compliance Quick Topic and quiz question. The quiz for this topic has already expired, but look out for today's topic!
Compliance Quick Topic: Personally Identifiable Information (PII)
Do you have access to PII? Did you know the University of California requires employees with access to personally identifiable information to adhere to specific rules of conduct?
Personally identifiable information (PII) is any information that describes or identifies an individual, including but not limited to:
- Name: full name, maiden name, or alias
- Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, financial account number, or credit card number
- Personal address information: street address, or email address
- Personal telephone numbers
- Personal characteristics: physical description or photographs (particularly of the face or other identifying characteristics), fingerprints, or handwriting
The University of California requires employees adhere to the following rules of conduct concerning minimum standards for the collection, maintenance, disclosure, safeguarding, and destruction of information containing PII.
- Employees responsible for the collection, maintenance, use, and dissemination of PII, must comply with the provisions of the California Information Practices Act of 1977.
- Employees must not require individuals to disclose PII about themselves or others that is not necessary and relevant to the purposes of the University or to the particular function for which the employee is responsible.
- Employees must make every reasonable effort to ensure inquiries and requests by individuals for records containing their PII are responded to quickly, courteously, and without requiring the requester to repeat the inquiry to others unnecessarily.
- Employees must assist individuals seeking information pertaining to themselves with making their inquiries sufficiently specific and descriptive to facilitate locating the records.
- Employees must not disclose PII to unauthorized persons or entities.
- Employees must not seek out or use PII relating to others for their own interest or advantage.
- Employees responsible for the maintenance of records containing PII must take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the records from unauthorized access, use and disclosure.
