Viewable by the world
Group Access to CIO
Can VIEW the space: cio-editors ,  anonymous ,  all-lbnl-users ,  confluence-administrators , 
Can EDIT the space: confluence-administrators , 
Can ADMINISTER the space: confluence-administrators , 
Individual Access to CIO
Can VIEW the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
Can EDIT the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
Can ADMINISTER the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]

Versions Compared

Old Version 21

changes.mady.by.user Steve Lau

Saved on

compared with

New Version 22

changes.mady.by.user Rainier Hurtado Elias

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Berkeley Lab is serious about protecting your private personal information. While most of our work is open and publishable, categories certain types of operational and research information must be protected according to Federal and State Law, as well as our own good judgment. If you have any questions about protecting private personal information, contact itpolicy@lblprivacy@lbl.gov.

What is

...

Personal Information?

Protected Information includes Personally Identifiable Information (PII). Berkeley Lab defines the following information, alone or in combination, as Protected Information:

  • Social security numbers
  • Financial account information
  • Drivers license numbers
  • California state ID number
  • Health information with personal identifiers, for example:
    • Name plus insurance number
    • Employee ID plus treatment information
    • Any unique ID plus any medical information
Warning
 DANGER: Social Security Number, Driver's License #, CA State ID #, Financial Account Number, Health information

Why do we care so much about privacy?

A loss of Protected Information not only affects people’s privacy, but could hurt Berkeley Lab's reputation and affect our open computing environment.

Personal information consists of any information processed by LBNL staff in support of official laboratory business which relates to or describes an identifiable individual. Personal information is an overarching term that encompasses highly sensitive personally identifiable information (personal information subject to legal, regulatory, or contractual obligations), prudent to protect personal information, and publicly available information (such as directory information or information that is lawfully made publicly available by government agencies). 

The below figure provides a high-level overview of the different kinds of personal information and their inherent risk profile.

Image Added

Personal Information Rated "Controlled" - Personally Identifiable Information (PII)

The below data elements are included in the definition of personal information and are regarded as "Controlled." These are the most sensitive types of personal information. Any use of Controlled This also means that our employees are our first line of defense. Always ask yourself - do we really need to use Protected Information? Could something else, like employee ID, work just as well?

How can you help us?

Help us by making sure our Protected Information Requirements are met. Note:

  • Use of Protected Information must be approved.
  • Protected Information may only be stored in Institutional Business Systems (HRIS, FMS, etc)
    • Note: email, gdocs, calendar are NOT Institutional Business Systems.
  • Protected Information is prohibited on workstations.
  • Contact Contact [email protected] if you need help or suspect our requirements aren't being met.
  • Immediately report any suspected or known loss of Protected Information to [email protected]

  1. Data Breach-Notice triggering Personal Information

...

  1. (under the California Information Practices Act, Cal. Civ. Code 1798.29), specifically:

    1. A combination of first name or first initial and last name and:

      1. Government Identifiers: Social Security Numbers, Drivers License Numbers, Passport Numbers, Green Card Numbers, and any other government-issued identifiers commonly used to identify an individual

      2. Employee health information, including records originating from a healthcare provider containing descriptions of conditions, diagnosis, prescriptions, referrals, visits, and other health information, insurance and/or claims-related information.

      3. Biometric Information

      4. License Plate Recognition System information

      5. Financial account information (such as debit and credit account information), including PINs or other authentication information

    2. Usernames and Passwords that would permit someone to access an online account.

  2. Personally Identifiable Information stored in Department of Energy-owned records maintained in Privacy Act Systems of Records

  3. Certain Sensitive Personal Data of EU residents contained in records subject to the General Data Protection Regulation.

  4. Certain datasets determined to be highly sensitive pursuant to a documented risk assessment by the Privacy Officer.

Personal Information Rated "Prudent To Protect"

The below data categories and elements are included in the definition of personal information and are generally regarded as "Prudent to Protect." Note that certain information collections containing purely prudent-to-protect information may be regarded as highly sensitive depending on a number of factors, including the total number of data elements for any one individual, the number of individuals and records present in the data set, and other factors. 

  1. Contact Information: home address, home telephone number. 
  2. Demographic Information: Gender, Gender Identity and Expression, Sexual Orientation, Racial or Ethnic Origin, Religious Affiliation, Political Beliefs, Date of Birth, Disability Status, Veteran Status, Salary.
  3. Employment-Related Information: employee performance information, credit reports, drug test results, information related to the processing of security clearances, certain kinds of employee health records, job-application information, education information.
  4. Online Behavior: web browsing history, IP Address, MAC Address, Email Address, Usernames, social media-related activities performed through an individual’s personal account.
  5. Precise Geolocation
  6. Authentication Information: answers to security questions (mother’s maiden name, favorite childhood friend, etc.). 
  7. Pictures, audio, and/or video recording: CCTV Captures, Meeting Recordings

Personal Information not rated Prudent to Protect or Controlled

The below data categories and elements are included in the definition of personal information but are not subject to controls beyond what applies to information generated in the course of pursuit of LBNL's mission (such as information intended for publication).

  1. Directory Information: this consists of information related to an individual published to facilitate contact with LBLN workforce members. This consists of information made publicly available on phonebook.lbl.gov such a your name, work email, phone, mailbox, and office information. 
  2. De-Identified Information: this consists of personal information previously considered prudent to protect or controlled, but which has been rendered unidentifiable through one of many processes, such as pseudonymization and anonymization.