Other Protected and Prohibited Information
The following categories of information are not PII, but require special handling.
Prudent to Protect:
Some other kinds of information fall into the category of Prudent to Protect. They may not be covered by State or Federal Law, but they should be appropriately protected. A subset of protections is appropriate for these kinds of information, consult your management or the “owner” of the information for more information.
Examples of Prudent to Protect:
- Citizenship Information, Passport #s
- Place and/or Date of Birth
- Information released to LBL under an approved Non Disclosure Agreement (NDA)or Cooperative Research and Development Agreement (CRADA)
- Non-public information related to University procurements.
- Some categories of pre-publication research results.
Again, this information typically requires only a subset of protections. More information is available at the end of this training.
Never Permitted:
Unclassified Controlled Nuclear Information, Classified Information, Formally Restricted Data (FRD), and almost all other kinds of protected or sensitive DOE information are not permitted at LBL.
In most cases export-controlled information is also prohibited on systems at LBL; however, there are some limited exceptions with appropriate risk mitigation which may be approved by the Export Control Officer in consult with the Computer Protection Program. More information is available at the end of this training.
Public Personal Information:
Just because information is personally identifiable, doesn't mean it is PII. For example, individual employee id#s, Lab telephone numbers, salary information, job titles, job history, and many other kinds of information are not protected.
More Information:
As contrasted with some of the DOE Labs which do classified and unclassified work (like PNNL and ORNL) LBL has lighter information protection and foreign national processing requirements because it stays clear of potentially sensitive information. Exceptions, even small ones, to this rule, may make this exception less clear, and thus have significant impacts to the open character of our institution.
CHOICE:
Now that you've read the definitions, if you're absolutely sure that you never manage, touch, or protect this kind of information on behalf of LBL, you can skip to the end of this training.
Otherwise, NEXT>>>>