|
|
||||||||||||||||||
...
Personal Information Rated "Controlled" - Personally Identifiable Information (PII)
The below data elements are included in the definition of personal information and are regarded as "Controlled." These Data elements under the PII category are the most sensitive types of personal information at the Lab. Any use of Controlled
How can you help us?
Help us by making sure our Protected Information Requirements are met. Note:
...
- Note: email, gdocs, calendar are NOT Institutional Business Systems.
...
, transmission, storage, destruction, or other processing of PII must be approved by the IT Division. Any actual
Data Breach-Notice triggering Personal Information (under the California Information Practices Act, Cal. Civ. Code 1798.29), specifically:
A combination of first name or first initial and last name and:
Government Identifiers: Social Security Numbers, Drivers License Numbers, Passport Numbers, Green Card Numbers, and any other government-issued identifiers commonly used to identify an individual
Employee health information, including records originating from a healthcare provider containing descriptions of conditions, diagnosis, prescriptions, referrals, visits, and other health information, insurance and/or claims-related information.
Biometric Information
License Plate Recognition System information
Financial account information (such as debit and credit account information), including PINs or other authentication information
Usernames and Passwords that would permit someone to access an online account.
Personally Identifiable Information stored in Department of Energy-owned records maintained in Privacy Act Systems of Records
Certain Sensitive Personal Data of EU residents contained in records subject to the General Data Protection Regulation.
Certain datasets determined to be highly sensitive pursuant to a documented risk assessment by the Privacy Officer.
...
