The University of Arizona
Home » Projects & Initiatives

Personal Information Sweep (IS-P301)

Ready to submit your forms?  Please click here for instructions.

This page includes important information about the Personal Information Sweep. Please read it first before proceeding to Step 1.

We strongly recommend viewing the information overview before beginning. It contains additional information about the Personal Information Sweep. Viewing requires a UA NetID.

The University Information Security Officer must approve exceptions to this procedure. Refer to the Exceptions Procedure and the Exceptions Form for more information.

You can navigate to the next step by clicking on the link at the bottom of each page (or section) or by clicking on the steps in the column on the left.

Protection of personal information is of utmost importance at The University of Arizona. The Personal Information Sweep is a program designed to assist people who store UA information electronically.

Why Secure Personal Information?

Personal information on a lost, stolen or hacked computer can be harvested and used to steal identities. When the security of personal information is believed to be breached, hundreds of hours of staff time and considerable financial and reputational cost can be involved in investigating and repairing the breach and in notifying those affected.

Concerns about identity theft have spurred several industry and legislative responses that address the security of the types of personal information used and stored at UA. In addition, UA employees are required to retain and dispose of records that may contain personal information in accordance with legal requirements. Failure to meet these requirements can result in costly penalties for your department.

The Information Security Policy and the Policy on Acceptable Use of Computers and Networks make it clear that access to UA data, computers and networks is a privilege conditioned on users' compliance with laws and UA policy. To achieve compliance, a computer user must protect personal information while it is still in use and securely delete it when it is no longer needed. While the requirement seems simple, many computer users do not know whether their computers contain personal information. Even if they do know that they have personal information, they may not know where it is located.

What is Personal Information?

Personal information includes first name or initial and last name accompanied by:

  • Social Security Number (including a Student ID number not beginning with an “S” or “889”)
  • Arizona driver’s license number
  • Arizona non-operating identification license number (State ID card)
  • credit card, debit card or bank account number with any required security code or password

This information can be used to uniquely identify a single person and is generally kept private.

Who is Responsible for Securing Personal Information?

UA personnel are responsible for the security of UA information stored, sent or displayed using computing and communications resources, whether or not those resources are owned by the University. If you work with personal information, you must be aware of and comply with applicable legal requirements and policies.

Vice Presidents, Deans, Directors, Department Heads and Heads of Centers have ultimate responsibility for computing resources, including personal information, and for their units' compliance with legal requirements and policies.

The Personal Information Sweep provides tools and guidance for compliance. Complete the Personal Information Sweep on each computer or storage device you use to store UA information.

Why Can't IT Staff Do This for Me?

You may or may not be assisted by your unit's IT staff in the technical aspects of this process, such as installing software and helping you with the clean up process. However, you yourself must ultimately decide, given your own duties and needs, which files to delete or retain. In addition, the scanning tool may find sensitive information that you should keep private even from IT staff. That means that all decisions about what to do with personal information should be made by you. The assurance that sensitive personal information is secured is your responsibility.

For assistance with the technical aspects of the process, contact:

  • your local IT staff
  • the 24/7 IT Support Center (626-TECH)
  • the Information Security Office (621-UISO or iso@u.arizona.edu)

Non-technical questions should be directed to the Information Security Office (621-UISO or iso@u.arizona.edu).

Which Information is Affected?

This procedure applies to UA information stored in -

  • all systems used by UA personnel, other than those centrally housing UIS, IIW, SPINS, FRS, PSOS, SIS and Matrix.
  • personally owned computers and external media with UA information on them.

Note that accessing your UA computer desktop through a remote desktop program does not transfer personal information stored there to your off-campus computer.

While not within the scope of the Personal Information Sweep, paper documents with personal information should also be secured.

Additional requirements outside the scope of the Personal Information Sweep may apply if you -

How Do I Secure Personal Information?

The Personal Information Sweep is a program designed to assist UA personnel in addressing requirements and policies. This process will guide you through the steps you need to take:

At their most basic, these 12 steps involve removing or securing any personal information you store on a computing device.  You first do that for personal information you already know about or can readily find.  Then, you use a computer program to search for personal information you missed.

Print a checklist to help you track your progress.

Step 1 – Locate personal information

Authorities:

Initial Draft: 2/13/08

Effective Date: 10/1/08