ISO Position Paper
Position Title: Network Storage of Files Containing Personally Identifiable Information
or Restricted Data
Position Audience: Princeton IT Professionals
Contact: Information Security Office: [email protected]
Position Release Date: November 2018
Problem Statement
Personally Identifiable Information (PII)1 and Restricted data within files are often stored on
network shared drives and are not removed when no longer needed.
The unauthorized access to files containing PII and/or Restricted data can lead to financial
penalties and damage to Princeton University’s reputation.
ISO Position
All PII and Restricted data should remain in and be utilized from the appropriate systems of
record.
If there is a need to save a file containing PII and/or Restricted data, it should be stored on a
centrally managed University network storage service for as short a time as possible and never
longer than 30 days.
Additional Information
Please refer to protectourinfo.princeton.edu for additional information on data classifications.
1The National Institute for Standards and Technology (NIST) defines PII as information which
can be used to distinguish or trace the identity of an individual (e.g., name, social security
number, biometric records, etc.) alone, or when combined with other personal or identifying
information which is linked or linkable to a specific individual (e.g., date and place of birth,
mother’s maiden name, etc.).
Data classification: Public