Information Technology Services

Home / Information Security / Privacy 101 / Information Protected by Law

Information Protected by Law

Customer Financial Information

Customer financial information, as defined in the Gramm-Leach-Bliley Act (GLBA), includes any nonpublic personal information that the university obtains from a customer in the process of offering a financial product or service. Offering a financial product or service includes offering student loans to students, receiving income tax information from a student's parent or guardian when offering a financial aid package, and providing other financial services. Nonpublic personal information includes but is not limited to bank and credit card account numbers and income and credit histories, whether in paper or electronic format.

Human Subject Information

Human subject information is defined as information obtained through all research conducted at Brandeis, which includes personally identifiable data collected for, used in or produced by research involving human subjects. Such data may also be subject to the security requirements defined in the Federal Information Security Management Act of 2002 (FISMA).

Protected Health Information

Protected health information (PHI) is defined by the Health Insurance Portability and Accountability Act (HIPAA), which includes all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. "Individually identifiable health information" is information, including demographic data, that relates to:

The individual's past, present or future physical or mental health or condition,
The provision of health care to the individual, or
The past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.

Personally Identifiable Information

Personally identifiable information (PII), as defined in Massachusetts General Law 93H, includes any data record (electronic or hard copy) that contains an individual's first name and last name (or first initial and last name) in combination with any of the following data elements that relate to the individual:

Social Security number;
Driver's license number or government-issued identification card number; or
Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; provided, however, that personal information shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.