Personally Identifiable Information
Personally Identifiable Information is information which can be used to distinguish or trace an individual's identity, such as their name, Social Security number, or biometric records, either alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and/or place of birth, mother's maiden name, etc.
Loyola University Chicago creates, collects, maintains, uses, and transmits personally identifiable information relating to individuals associated with the University including, but not limited to, students, alumni, faculty, administrators, staff, and service employees. The University is committed to protecting PII against inappropriate access and use in compliance with applicable laws and regulations in order to maximize trust and integrity.
The University Information Security Office (UISO) scans all faculty and staff computers for PII every six months to ensure information is being stored in accordance with University policy, and to maintain compliance with all applicable laws and regulations. For more information on this scanning program, see Spirion.
More information on specific laws and regulations can be found below:
The Family Educational Rights and Privacy Act of 1974 (FERPA) is a federal law that protects the privacy of student education records. This law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA provides students with the right to inspect and review certain education records maintained by the school, and to request corrections if the records are inaccurate or misleading. It requires that schools obtain written permission before releasing information from a student’s education record. It also allows schools to publish certain "directory" information about students, unless the student has requested that the school not do so.
The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of Protected Health Information (PHI). It establishes regulations for the use and disclosure of PHI, including a patient’s health status, provision of health care, medical records, or payment history. Penalties for wrongfully disclosing PHI range from a $50,000 to $250,000 fine and a one to ten year prison term, depending on the circumstances. These penalties are for the individual, not the institution.
The Gramm-Leach-Bliley Act (GLBA) protects consumers' personal financial information held by financial institutions. It requires that financial institutions provide customers with a privacy notice explaining what information is collected, how it is used, and how it is protected. The penalty for failing to comply with GLBA is a fine of up to $100,000 for the institution, and up to $10,000 for the officers and directors of the institution.
The Personal Information Protection Act (PIPA) protects the personal information of Illinois residents. It requires that an institution which houses social security numbers, driver’s license numbers, state ID numbers, bank account numbers, and/or credit card numbers provide consumers with notice of any security breaches that compromise that information. A violation of this act is a violation of the Illinois Consumer Fraud and Deceptive Practices Act and could result in civil monetary penalties.