Personally Identifiable Information

• Email: Use the Encrypted option from your email software (i.e., Gmail, Outlook) as an add-on to
  securely send email to both internal and external recipients if the file contains PII-related data.
• Email Files: In the event you must attach a file/document, containing your PII, you should zip the
  files and incorporate password protection. Send two emails to the recipient: one with the
  password protected and zipped file attached; the other with the password to be used to access
  the file. Do not send both items in a single email.
• Finally, you should ask the recipient to contact you to confirm they have received the PII file and
  have been able to successfully access it. You should then delete both emails from your “Sent
  Items” folder.

If you receive a suspicious email or text message, don’t respond, click any links, or open attachments. Don’t sign on to your account from a link in a suspicious message.

Phishing is the fraudulent attempt to obtain sensitive information, such as usernames, passwords, and account details, typically through an email, text message, or even a phone call.

These messages may impersonate a company, charity, or government agency and often make up an urgent request to convince you to sign on to a fake site, open an email attachment containing malware, or respond with personal or account information. The information you provide can be used to commit identity theft or access your account to steal money.

Avoid downloading PII to portable devices (i.e., flash drive, external hard drive, etc.) to reduce the possibility that these devices are stolen.

Lock computers when you step away. Do not share passwords.

A “breach” is defined as loss of control, compromise, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for any reason other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.