About this Policy
Protection of Personally Identifiable Information
Policy Number: 11010
Effective Date:
Dec 12, 2017
Last Updated:
Responsible Office:
UM System Controller's Office
Responsible Administrator:
Vice President for Finance and Administration
Policy Contact:
Campus Accounting Office
Categories:
- General Administration
Menu:
- Scope
- Reason for Policy
- Policy Statement
- Definitions
- Accountabilities
- Forms
- Related Information
- History
- Procedure
Scope
Addresses the need to protect Personally Identifiable Information (PII). This policy covers all personally identifiable financial records and information regardless of where it resides as well as the Personally Identifiable Information of University Customers who have “Covered Accounts” as defined by the Fair and Accurate Credit Transactions Act (FACTA) of 2003.
Reason for Policy
To safeguard the University, its employees and Customers from financial loss.
Policy Statement
The University will, to the extent reasonably possible, protect the privacy, security and confidentiality of Personally Identifiable Information and financial records, and take steps to detect, prevent and mitigate Identity Theft.
An Identity Theft Prevention Program and a Gramm-Leach-Bliley Program have be established and all areas, departments, colleges and schools of the University which hold PII or financial records and/or Covered Accounts must comply with the requirements of these programs.
Definitions
Personally Identifiable Information (PII) – information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
Covered Accounts - an account that the university offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or any other account that the university offers or maintains for which there is a reasonably foreseeable risk to Customers from Identity Theft. A covered account includes certain types of arrangements in which an individual establishes a "continuing relationship" with the university, including billing for services rendered.
Customer - a person that has a covered account with the ɫƵ.
Identity Theft - fraud or theft committed or attempted using the personal identifying information of another person without that person’s authority.
Accountabilities
The Vice President for Finance and Administration will be primarily responsible for development, implementation and enforcement of programs designed to implement this policy.
Each employee in contact with PII of employees or Customers is responsible for keeping the information confidential.
Additional Details
Forms
Related Information
Identity Theft Prevention Program: https://umsystem.edu/ums/fa/itpp/
Gramm-Leach-Bliley Program: https://umsystem.edu/ums/fa/glb
History
Formerly Business Policy Manual – 110 Protection of Personally Identifiable Financial and Account Information (effective 2/6/2009).
Procedure
Identity Theft Prevention Program: https://umsystem.edu/ums/fa/itpp/
Reviewed 2017-12-06