Information Security Practices

BRCTC follows robust information security practices. Review this guide to learn how to identify and protect administrative records containing personally identifiable information (PII).

What is Personally Identifiable Information (PII)?

The term PII…refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual” U.S. General Services Administration

Section One Icon

Categories Of PII: Protected PII And Non-sensitive PII.

Section Two Left Icon

Protected PII

Access to protected PII must be restricted to only those employees who need it to perform duties in connection with the scope of their work at the college. Protected PII must be protected, and properly stored and disposed of. Examples of protected PII include, but are not limited to:

Section Two left Side Icon

Personal identifiable numbers: social security numbers (SSN), credit card number, bank account number
Home telephone numbers
Age
Birthdate
Biometric identifiers (fingerprints, voiceprints, iris scans, etc)
Medical history
Financial information
Computer passwords
Student academic records (grades)

Section Two Right Side Icon

Non-sensitive PII

“Non-sensitive PII is information that is not linked or closely associated with protected PII that, by itself, could not reasonably be expected to result in personal harm” U.S. Department of Labor. Examples of non-sensitive PII include, but are not limited to:

Section Two Right Side Icon 1

First and last names
Email addresses
Student identification numbers (C#)
Business address and telephone numbers
General education credentials (e.g., degrees earned)
Gender
Race

However, in some circumstances, providing a combination of multiple items in the non-sensitive PII could potentially result as protected PII.

What Should Faculty and Staff do to Secure Information?

Section Three Icon 1

Safeguard all student and employee information

Section Three Icon 2

Obtain approval from your supervisor prior to taking any protected PII away from the office

Section Three Icon 3

When such approval is granted, the employee must adhere to all college security rules, policies, and procedures regarding HIPPA, FERPA, PII, and other sensitive and/or protected information.

On occasion, a student, employee, or vendor may email protected PII. In these instances, you should email the individual and inform them of the proper avenue to share their protected PII. Additionally, you must immediately delete and empty your email trash. Below is an example of an excerpt to communicate the process.

“I have received your (document); however, please note that an email is an unacceptable form for transmission for (documents) as it is not a secure method of transmitting personally identifiable information (PII). I have deleted your original email from my inbox and deleted items folder. In the future, please submit (documents) via fax, or USPS, or request a link to submit (documents) via secure transfer. Please let me know if you have any questions.”
protected information.

Section Four Icon 1

For more information, please review the U.S. Department of Labor’s Guide on the Handling and Protection of Personally Identifiable Information (PII).

Section Four Icon 2

For information on the systematic review, retention, and destruction of documents received or created please refer to the Board of Governors Policy Series 1, Rule 17.1 General Rules Record Retention

Sidebar Icon

×

Quick Links

Increase Font Size

Decrease Font Size