Some NYCHA employees handle documents or files that contain personally identifiable information (PII) about applicants, residents, Section 8 participants, and other customers. If this information is lost, compromised, or disclosed without the individual’s permission, it could be used to substantially harm their reputations, violate their privacy, and put their assets at risk. Federal law requires NYCHA to protect and keep confidential information that can distinguish or trace an individual’s identity.
Personally identifiable information is located in resident and employment applications (electronic or paper); NYCHA-owned or operated database systems (e.g., Siebel, Maximo, Primavera, and HRdb); and database systems licensed to NYCHA (e.g., Lexis-Nexis and Westlaw). It may also be contained in email, backup tapes, images, audio, video, and microfilm.
Items like name, place of birth, phone number or an email address can be combined with data from other sources to trace an individual’s identify and violate his or her privacy. Information that could be used to substantially harm an individual is called “sensitive PII” and includes Social Security and driver’s license numbers, financial account numbers, and medical records.
Rules for Handling Personally Identifiable Information
All NYCHA employees, consultants, contractors and vendors must:
- Only access personally identifiable information as part of your job duties;
- Collect only what information is necessary to accomplish the intended business purpose;
- Provide minimum necessary access to this information for other employees;
- Disclose only the minimum information necessary to the requester, checking his need to have that information before you release it;
- Safeguard information in transit and storage;
- Secure physical equipment and resources; and
- Dispose of information securely.
Employees are required to report incidents such as nonauthorized access, improper use, or lost files, as dictated by the NYCHA Privacy Breach Response Handbook. Please immediately notify your supervisor if you inadvertently gain access to or distribute personally identifiable information. Visit the Privacy and Information Technology Security Portal on Connect to access the handbook and find other pertinent information.