Information Technology Services

Customer financial information, as defined in the Gramm-Leach-Bliley Act (GLBA), includes any nonpublic personal information that the university obtains from a customer in the process of offering a financial product or service. Offering a financial product or service includes offering student loans to students, receiving income tax information from a student's parent or guardian when offering a financial aid package, and providing other financial services. Nonpublic personal information includes but is not limited to bank and credit card account numbers and income and credit histories, whether in paper or electronic format.

Human subject information is defined as information obtained through all research conducted at Brandeis, which includes personally identifiable data collected for, used in or produced by research involving human subjects. Such data may also be subject to the security requirements defined in the Federal Information Security Management Act of 2002 (FISMA).

Protected health information is defined by the Health Insurance Portability and Accountability Act (HIPAA), which includes all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral. "Individually identifiable health information" is information, including demographic data, that relates to:

• The individual's past, present or future physical or mental health or condition,
• The provision of health care to the individual, or
• The past, present or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.

Personally identifiable information, as defined in Massachusetts General Law 93H, includes any data record (electronic or hard copy) that contains an individual's first name and last name (or first initial and last name) in combination with any of the following data elements that relate to the individual:

• Social Security number;
• Driver's license number or government-issued identification card number; or
• Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual's financial account; provided, however, that personal information shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

Limit the amount of personal information that you share online by updating your privacy settings on websites, apps and mobile devices at least one or two times per year. Not sure where to begin? The National Cyber Security Alliance (NCSA) website provides direct links to update individual account privacy settings on popular devices and online services.

Working in a public space? People can easily over hear phone conversations, so make sure you move to a private area when discussing personal or confidential information. People can also unintentionally — or intentionally — see what's on your laptop or mobile device. Consider investing in a privacy screen to prevent shoulder surfing and to help protect sensitive work information or details about your personal life.

Much like using DUO for your Brandeis account, individuals can turn on two-step verification or multifactor authentication (MFA) whenever it's offered to help prevent unauthorized access to your mobile devices or online accounts. The National Institute of Standards and Technology provides more details about MFA and why it's important. The Two Factor Auth (2FA) website provides a list of websites that support two-step verification.

Use a virtual private network (VPN) while working from home or using public Wi-Fi networks, especially when using a banking app or conducting other important personal or professional business. VPNs create a secure, encrypted connection (like a tunnel) between your device and the network. You can also use incognito or private web browsing windows to limit the information collected in your browsing history, cookies or online forms.

Limit the kinds of personal information you share on social networking sites. And before you post those vacation pictures, remember that the same data used to help sort and store your photos by date and location can also (unintentionally) reveal where you live, work or vacation.

Online quizzes and games can be fun, but before taking that quiz to find out which Hogwarts house you belong in, think about how the personal details from your social media profiles might be sold to or shared with data collection companies. (Look for a privacy policy whenever you play a game or take a quiz to see how social media or affiliate sites may capture and use your personal data.)