Contents
Can you log PII?
For logging PII data fields, we replace all the characters with a hash of the original value keeping the length of the string the same. We also allow the programmer to specify how many characters to show or keep without masking. For example, when we log the social security number, we do show the last 4 digits.
How should PII be handled?
Secure Sensitive PII in a locked desk drawer, file cabinet, or similar locked enclosure when not in use. When using Sensitive PII, keep it in an area where access is controlled and limited to persons with an official need to know. Avoid faxing Sensitive PII, if at all possible.
Can PII be emailed?
Emails containing personally Identifiable Information (PII) should only be sent to recipients with an official need-to-know. The email must be digitally signed and encrypted. It is against policy to send PII to group email addresses.
What is the best example of PII?
Examples of personally identifiable information (PII) include :
- Social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, and financial account or credit card number.
- Personal address and phone number.
What are the rules and policies for PII?
CIO GSA Rules of Behavior for Handling Personally Identifiable Information (PII) Purpose: This directive provides GSA’s policy on how to properly handle PII and the consequences and corrective actions that will be taken if a breach occurs.
What does personally identifiable information ( PII ) stand for?
Personally Identifiable Information (PII). The term “PII,” as defined in OMB Memorandum M-07-1616 refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable…
When does a vendor have access to PII?
The following examples on their own do not constitute PII as more than one person could share these traits. However, when linked or linkable to one of the above examples, the following could be used to identify a specific person: When Would a Vendor Have Access to PII? Examples of services or work involving vendor access to PII include:
What does the protecting PII-Privacy Act mean?
Rules and Policies – Protecting PII – Privacy Act. The term “PII,” as defined in OMB Memorandum M-07-1616 refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.