Encryption
Making your data readable only with a key or pass code. Password protection, while useful, is not as secure as encryption. Encryption can be enabled on a computer using software applications such as BitLocker or FileVault.
FERPA
Family Educational Rights and Privacy Act of 1974 – requires protection of student information.
HIPAA
Health Insurance Portability and Accountability Act of 1996 – requires protection of health data; the HITECH Act of 2009 expanded HIPAA to include a notification requirement.
Identity Theft
Identity theft is the illegal use of another person’s identifying information in order to steal money or get other benefits.
Malware
Catch-all phrase that covers anything bad (viruses, worms, Trojans, etc.) that can affect a computer. Malware is spread by infected email, web sites, attachments, etc.
Operating System
e.g. Windows, Macintosh or Linux
PCI-DSS
Payment Card Industry Data Security Standard – requirements for anyone accepting credit cards. See Merchant Services @ MIT to learn more.
PGP Whole Disk Encryption
Software that encrypts everything on a user’s computer, so if the computer is lost or stolen, the data is unreadable. See Tools to Find, Delete or Protect.
Phishing
An email message that may look legitimate (e.g. from your bank) but is really a type of social engineering attempt to acquire sensitive information, such as user id and password. See Email and Web Safety.
PIRN (Personal Information Requiring Notification)
PIRN is an MIT acronym, which is currently equivalent to “personal information” under Massachusetts 201 CMR §17, and is defined in the WISP as a person's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such a person:
(a) Social Security number;
(b) driver's license number or state-issued identification card number; or
(c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that PIRN shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
Redaction
Redaction/redacting is the sanitizing (removal) of unnecessary information from a file to get rid of the sensitive or private parts. It is more than obscuring or hiding the information. Redaction can be done with electronic files using tools such as Identity Finder and Adobe Acrobat. It can be done with paper files as well by cutting out or blacking out the information so that it is illegible. More information can be found here.
Shared Server
File server (computer) that provides a location for sharing storage of files with others, so everyone has access to the same version, and individuals don’t need to have data locally or share files via email.
Spirion (formerly Identity Finder)
Software to assist with finding PIRN on laptops/desktops.
VPN
Virtual Private Network - a way to allow private or secure communications between systems (e.g. your home computer and SAP); also known as a “tunnel.” See Virtual Private Network at MIT.
WISP
Written Information Security Program - required by Massachusetts Data Protection regulations.