...

The figure below provides a high-level overview of the different kinds of personal information and their inherent risk profiles.


Personal Information Rated "Protected" - High Risk Personal Information

Data elements under the PII category are the most sensitive types of personal information at the Lab. Any use, transmission, storage, destruction, or other processing of PII must be approved by the IT Division. Any actual 

  1. Data Breach-Notice triggering Personal Information (under the California Information Practices Act, Cal. Civ. Code 1798.29), specifically:

    1. Government Identifiers: Social Security Numbers, Driver's License Numbers, Passport Numbers, Green Card Numbers, and any other government-issued identifiers commonly used to identify an individual

    2. Employee health information, including records originating from a healthcare provider containing descriptions of conditions, diagnoses, prescriptions, referrals, visits, and other health information, insurance and/or claims-related information.

    3. Biometric Information

    4. License Plate Recognition System information

    5. Financial account information (such as debit and credit account information), including PINs or other authentication information

    1. A combination of first name or first initial and last name and:

    2. Usernames and Passwords that would permit someone to access an online account.

  2. Personally Identifiable Information stored in Department of Energy-owned records maintained in Privacy Act Systems of Records

  3. Certain Sensitive Personal Data of EU residents contained in records subject to the General Data Protection Regulation.

  4. Certain datasets determined to be highly sensitive pursuant to a documented risk assessment by the Privacy Officer.

Personal Information Rated "Prudent To Protect"

The below data categories and elements are included in the definition of personal information and are generally regarded as "Prudent to Protect." Note that certain information collections containing purely prudent-to-protect information may be regarded as highly sensitive depending on a number of factors, including the total number of data elements for any one individual, the number of individuals and records present in the data set, and other factors. 

  1. Contact Information: home address, home telephone number. 
  2. Demographic Information: Gender, Gender Identity and Expression, Sexual Orientation, Racial or Ethnic Origin, Religious Affiliation, Political Beliefs, Date of Birth, Disability Status, Veteran Status, Salary.
  3. Employment-Related Information: employee performance information, credit reports, drug test results, information related to the processing of security clearances, certain kinds of employee health records, job-application information, education information.
  4. Online Behavior: web browsing history, IP Address, MAC Address, Email Address, Usernames, social media-related activities performed through an individual’s personal account.
  5. Precise Geolocation
  6. Authentication Information: answers to security questions (mother’s maiden name, favorite childhood friend, etc.). 
  7. Pictures, audio, and/or video recording: CCTV Captures, Meeting Recordings

Personal Information not rated Prudent to Protect or Controlled

The below data categories and elements are included in the definition of personal information but are not subject to controls beyond what applies to information generated in the course of pursuit of LBNL's mission (such as information intended for publication).

...