Sensitive Data |

Do you handle sensitive data that is considered Personally Identifiable (“PII”) or non-public information (“NPI”)? If you do, are they stored in the correct places? If you are collaborating with others, are the data kept in secure and encrypted locations? Are the files transferred using a secure method such as Kiteworks?

Please refer to the Data Classification and Secure Storage Policy for more information on approved storage and transmission methods.

In general, PII refers to any information that allows the identity of an individual to be indirectly or directly inferred. The following are some examples of PII:

Names
Addresses
Social Security numbers
Telephone numbers
Email addresses
Purchase history
Internet browsing history
Fingerprints
Combination of gender, race, birth dates, and/or geographic indicators

The Federal Trade Commission (“FTC”) defines NPI in the Gramm-Leach-Bliley Act. According to the FTC, NPI includes any information that an individual provides to obtain a financial product or service, unless that information is otherwise “publicly available”. It can also include information obtained from a transaction or in connection with providing a financial product or service.

The following are some examples of NPI:

Names
Addresses
Income information
Social Security numbers
Data submitted on an application
Account numbers
Payment history

If you have access to any PII or NPI data that are not secure according to the Data Classification and Secure Storage Policy, please reach out to Technology for assistance.

Recently, there have been several high-profile cases in which colleges’ sensitive information has been made publicly available via cyber attacks, phishing scams, or internal error. These data breaches have taken a reputational and financial toll on Boston University, the University of Maryland, and Indiana University, and exposed the data of more than 450,000 students and employees.

We’d like to take this opportunity to remind you to be aware of unlawful attempts to access your data, and to communicate a change we’ve instituted to make some Simmons websites more readily identifiable.

Phishing scams are attempts to obtain confidential information using emails, websites, and even phone calls that appear to be from a trusted source. Often, phishing emails mask the “from” address to create the appearance that they’ve been sent by a colleague or friend, or as an alert from your bank. Links included in these emails will direct you to websites that look very much like the sites for services you use and will ask you to enter your username and password or other personal information.

Recent widespread examples of phishing scams have affected Gmail and Bank of America. While some scams are very sophisticated, there are a few things you can do to stay safe.

First, do not click links in emails that appear to be suspicious and never respond to an email requesting sensitive information. If an email contains suspicious links or requests for information from a trusted source, navigate to their website manually (instead of clicking a link) or call them to verify the request.

When visiting secure websites, check the address bar in your web browser to make sure it matches what you’re seeing on-screen. For example, all secure website addresses at Simmons begin with https:// and end with the .simmons.edu domain.

To help make our secure websites more easily identifiable, we’ve introduced visual identifiers for login.simmons.edu and connection.simmons.edu. If you see green on the left side of the address bar along with the text “Simmons College (US),” you’re in the right place.

Finally, remember that a trusted source, such as Simmons College, will never ask for your password or other personal information via email or phone. If you’re unsure about the validity of an email or website, you can always contact the Service Desk at 617-521-2222 for help.

Simmons TechNews

Tag Archives: Sensitive Data

Protecting Our Data

Enhancing Data Security and Protecting Sensitive Information