Where to store documents or files that contain personally identifiable information (PII Data)

It is IMT’s recommendation that any document or file that contains personally identifiable information (PII / P2) or sensitive personal information (SPI) should be stored in ARK, the university's online document repository. ARK has all of the protections in place that satisfies California security requirements. IMT is working on providing encryption as an option in Google Drive to enhance the protections to documents and files stored that contain PII data. This feature will be released soon.

 What is personally identifiable information

As defined by California Civil Code 1798.82 "Personally Identifiable Information" is defined as:

1. An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
1. Social security number
2. Driver’s license number or California identification card number
3. Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
4. Medical information
5. Health insurance information
6. Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5.
   
2. A username or email address, in combination with a password or security question and answer that would permit access to an online account. 

For purposes of this section, “encrypted” means rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security.

For purposes of this section, “personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

For purposes of this section, “medical information” means any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional.

For purposes of this section, “health insurance information” means an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records.