NYCHA Now

NYCHANow chronicles the hard work of the men and women who make the New York City Housing Authority run, reporting the latest news and happenings.

NYCHA Now
April 2017 IT News and Notes 

Protecting the Privacy of Our Customers

Jacqueline Broner

Some NYCHA employees handle documents or files that contain personally identifiable information (PII) about applicants, residents, Section 8 participants, and other customers. If this information is lost, compromised, or disclosed without the individual’s permission, it could be used to substantially harm their reputations, violate their privacy, and put their assets at risk. Federal law requires NYCHA to protect and keep confidential information that can distinguish or trace an individual’s identity.

Personally identifiable information is located in resident and employment applications (electronic or paper); NYCHA-owned or operated database systems (e.g., Siebel, Maximo, Primavera, and HRdb); and database systems licensed to NYCHA (e.g., Lexis-Nexis and Westlaw). It may also be contained in email, backup tapes, images, audio, video, and microfilm.

Items like name, place of  birth, phone number or an email address can be combined with data from other sources to trace an individual’s identify and violate his or her privacy. Information that could be used to substantially harm an individual is called “sensitive PII” and includes Social Security and driver’s license numbers, financial account numbers, and medical records.

Rules for Handling Personally Identifiable Information

All NYCHA employees, consultants, contractors and vendors must:

  • Only access personally identifiable information as part of your job duties;
  • Collect only what information is necessary to accomplish the intended business purpose;
  • Provide minimum necessary access to this information for other employees;
  • Disclose only the minimum information necessary to the requester, checking his need to have that information before you release it;
  • Safeguard information in transit and storage;
  • Secure physical equipment and resources; and
  • Dispose of information securely.

Incidents

Employees are required to report incidents such as nonauthorized access, improper use, or lost files, as dictated by the NYCHA Privacy Breach Response Handbook. Please immediately notify your supervisor if you inadvertently gain access to or distribute personally identifiable information. Visit the Privacy and Information Technology Security Portal on Connect to access the handbook and find other pertinent information.