What is Personally Identifiable Information?
Personally Identifiable Information is any personal information that is linked or linkable to the identity of a student or Faculty/Staff member, such that the cumulative effect of multiple disclosures of data allows that user's identity to be compromised.
How can Personally Identifiable Information be defined?
According to KCTCS policy 4.2.5, section 188.8.131.52, sensitive data (PII) can be classified into three subtypes:
Section 184.108.40.206.1 of the KCTCS policy outlines examples of non-compliance regarding the responsible use of confidential and restricted information data elements, namely:
- Viewing or distributing confidential or restricted information without authorization
Classification Types and Data Elements
Confidential information, the highest level of sensitivity, is defined as information that could cause substantial damage to, or liability for, KCTCS if treated irresponsibly. A lack of safeguards around this data type can effectively lead to a data breach if the data were to be disclosed. This information is subject to disclosure upon appropriate legal and administrative review.
Restricted Information (Relates to FERPA data elements)
Restricted information is information that, if compromised, could constitute a potential FERPA violation if enough coupled data were to be compromised.
There are cases where Restricted information, alone or coupled with other identities, restricted or otherwise, is required to be sent via email. If you are limited to working only within the body of an email and cannot use OneDrive to store this information for reference, then please refer to the information handling section of the data classification policy:
Public/Directory information, the lowest level of sensitivity, is not considered at-risk information if it were to be sent to or viewed by an unintended recipient.
The goal of information security, as stated in the KCTCS Information Security Policy, is to protect the confidentiality, integrity and availability of Institutional Data. Data classification reflects the level of impact to KCTCS if confidentiality, integrity or availability is compromised.
| Data Element | Classification |
|---|---|
| Foundation Donor Information - all data in Donor Database | Confidential |
| Health Information (Email, Medical Records, Patient Information, Dates, Certain Business Numbers, etc…) | Confidential |
| Social Security number | Confidential |
| Driver's License number | Confidential |
| All payment card data (including all credit/debit cards and cardholder information) | Confidential |
| Bank Account Number or other financial account numbers | Confidential |
| Student Loan Information (Account Numbers, Credit Information, etc.) | Confidential |
| Passwords, passphrases, PIN numbers, security codes, access codes | Confidential |
| Student Academic Transcript | Confidential |
| Student Country of Birth or Citizenship | Confidential |
| Student/EmployeeID (KCTCS 9 digit ID) | Restricted |
| Country of birth or citizenship | Restricted |
| Job action reason (e.g. terminations or leave) | Restricted |
| Benefits enrollment info | Restricted |
| Payroll information (e.g. taxes, deductions, etc.) | Restricted |
| Date of Birth/Age, place of birth | Public |
| Name – Employee/Student | Public |
| Local and/or permanent address | Public |
| Dates of first and last employment | Public |
| Business Telephone Number | Public |
| Previous work experience | Public |
| Education & Training Background | Public |
| Home Mailing Address | Public |
Major field of study