Areas at MIT Handling Sensitive Data
As outlined in the WISP, and effective March 1, 2010, anyone who has "personal information" (PIRN) of Massachusetts residents must protect this information per the regulations of 201 CMR §17. MIT collects PIRN both in paper and electronic format. Minimizing the collection and retention of PIRN is the most effective way to prevent a data breach.
The information included in this section of the site as well as the related section in the WISP can be used as a reference by employees at MIT when determining where to look for sensitive data and which actions they can take to mitigate risk.
Processes such as the ones listed below are just a few places where employees at MIT may come across personal information. Be sure to take a note of other places to look where storage of sensitive data may not be obvious at first glance.
Note: Now that some of the processes listed below are being transferred to an electronic online format, this shall minimize the collection of paper records by local Departments, Labs and Centers.