PII (Personally Identifying Information) Program
This program was conducted from late 2007 to early 2010. As of March 1, 2010 the program ended, but the work of the program continues under the compliance efforts surrounding MIT's Written Information Security Program (WISP).
The program was launched in response to increasing concerns regarding identity theft and the changing legal landscape with regard to safeguarding PII. Its focus was to identify and limit all the places at MIT where Social Security numbers (SSN) were and are being collected or recorded -- computer systems as well as paper files. The work ensures that any SSNs we need to retain for business purposes are effectively protected.
Since the data collection phase encompassed the whole campus, members of the PII Program were available to present to groups or talk with individuals on different protection methods, including:
- Being aware of documents with PII in hardcopy and electronic files (e.g. Request for Payment form).
- Protecting any PII needed for business reasons (e.g. locking up files and password protecting them).
- Appropriately disposing of any documents/computer files with PII by using a cross-cut shredder or certified shredding service or by using Departmental Services from IS&T to handle reassigned or decommissioned computers.
- Updating forms and processes to eliminate PII wherever possible (e.g. using MIT ID rather than SSN).
The team collected input from across the MIT community and initiated some projects to reduce the risk of PII being inadvertently compromised (e.g. reducing access to SSN via the data warehouse).
Questions about this work can be addressed to infoprotect@mit.edu.
