Personally Identifiable Information
Frequently Asked Questions
Not protecting your personal information can have a direct and critical impact on your life. The loss of PII can result in substantial harm, embarrassment, and inconvenience to you and may lead to identity theft or other fraudulent use of your personal information.
- Email: Use the Encrypted option from your email software (i.e., Gmail, Outlook) as an add-on to
securely send email to both internal and external recipients if the file contains PII-related data. - Email Files: In the event you must attach a file/document, containing your PII, you should zip the
files and incorporate password protection. Send two emails to the recipient: one with the
password protected and zipped file attached; the other with the password to be used to access
the file. Do not send both items in a single email. - Finally, you should ask the recipient to contact you to confirm they have received the PII file and
have been able to successfully access it. You should then delete both emails from your “Sent
Items” folder.
If you receive a suspicious email or text message, don’t respond, click any links, or open attachments. Don’t sign on to your account from a link in a suspicious message.
Phishing is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and account details, typically through an email, text message, or even a phone call.
These messages may impersonate a company, charity, or government agency and often make up an urgent request to convince you to sign on to a fake site, open an email attachment containing malware, or respond with personal or account information. The information you provide can be used to commit identity theft or access your account to steal money.
Avoid downloading PII to portable devices (i.e., flash drive, external hard drive, etc.) to reduce the possibility that these devices are stolen.
Lock computers when you step away. Do not share passwords.
A “breach” is defined as loss of control, compromise, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for any reason other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.