ϲʹ

Skip to main content

Protection of Personally Identifiable Information

ϲʹ this Policy

Protection of Personally Identifiable Information

Policy Number: 11010


Effective Date:
Dec 12, 2017

Last Updated:

Responsible Office:
UM System Controller's Office

Responsible Administrator:
Vice President for Finance and Administration

Policy Contact:

Campus Accounting Office

Categories:

  • General Administration

Request additional information

Menu:

Scope

Addresses the need to protect Personally Identifiable Information (PII).  This policy covers all personally identifiable financial records and information regardless of where it resides as well as the Personally Identifiable Information of University Customers who have “Covered Accounts” as defined by the Fair and Accurate Credit Transactions Act (FACTA) of 2003.

Reason for Policy

To safeguard the University, its employees and Customers from financial loss.

Policy Statement

The University will, to the extent reasonably possible, protect the privacy, security and confidentiality of Personally Identifiable Information and financial records, and take steps to detect, prevent and mitigate Identity Theft.

An Identity Theft Prevention Program and a Gramm-Leach-Bliley Program have be established and all areas, departments, colleges and schools of the University which hold PII or financial records and/or Covered Accounts must comply with the requirements of these programs.

Definitions

Personally Identifiable Information (PII) – information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

Covered Accounts - an account that the university offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or any other account that the university offers or maintains for which there is a reasonably foreseeable risk to Customers from Identity Theft.  A covered account includes certain types of arrangements in which an individual establishes a "continuing relationship" with the university, including billing for services rendered.

Customer - a person that has a covered account with the ϲʹ.

Identity Theft - fraud or theft committed or attempted using the personal identifying information of another person without that person’s authority.

Accountabilities

The Vice President for Finance and Administration will be primarily responsible for development, implementation and enforcement of programs designed to implement this policy.

Each employee in contact with PII of employees or Customers is responsible for keeping the information confidential.

Additional Details

Forms

 

Related Information

Identity Theft Prevention Program: https://umsystem.edu/ums/fa/itpp/

Gramm-Leach-Bliley Program: https://umsystem.edu/ums/fa/glb

History

Formerly Business Policy Manual – 110 Protection of Personally Identifiable Financial and Account Information (effective 2/6/2009).

Procedure

Identity Theft Prevention Program: https://umsystem.edu/ums/fa/itpp/

Reviewed 2017-12-06