Data Privacy Week – topic 3: Collection of and access to sensitive personally identifiable information

Sensitive personally identifiable information (PII) is typically information that individuals would consider private or that could cause harm to them if unauthorized access and use occurred. The problem is that most of the technological world relies on personal information to provide a service to customers. This information is usually protected by certain regulatory or legal requirements which necessitates a certain level of data security practices to be implemented to maintain the confidentiality, integrity and availability of the data.

The volume and type of sensitive data you manage is directly linked to the costs associated with protecting it. Implementing legal and regulatory requirements for such data significantly contributes to these expenses. Additionally, holding large amounts of sensitive PII across multiple locations increases the risk of becoming a target for malicious actors who seek to monetize sensitive data for illegal purposes.

To address these challenges, it is crucial to collect or access sensitive data only when there is a legitimate purpose and to minimize its use and storage wherever possible. WSU Policy 19.01 / Acceptable Use outlines specific restrictions on storing sensitive information, such as Social Security numbers or credit card data, to help mitigate these risks. Take a look at your OneDrive or through email. What kinds of sensitive PII are being collected in there that no longer need to be?

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).