Personally Identifiable Information Submitted to HLC
Guidelines for Institutions and Peer Reviewers
HLC’s Obligations of Membership policy requires institutions to redact or identify certain personally identifiable information (PII) that may be included in information or documents submitted to HLC. HLC has provided guidelines to help institutions comply with this requirement.
Personally Identifiable Information Guidelines
HLC defines PII as any information about an individual that allows the individual to be specifically identified. PII includes, but is not limited to: name, address, telephone number, birthday, email, social security number, bank information, etc. Examples of PII that could be included in institutional information or documents submitted to HLC could include individual student financial receivables (Social Security numbers or banking information), student health information, employee pay information, employee personal contact information, etc.
In most instances, HLC does not need the PII for evaluative purposes. Disclosure of the PII—for example as the result of information or documents that HLC has shared with public entities for compliance that have been shared by the public entity through an open records request—can result in harm or inconvenience to individuals and may result in fraud or identity theft.
When submitting information and documents to HLC, institutions are asked to carefully consider whether information or documents containing PII must be included. If the information or documents must be included for evaluative purposes, but the PII itself is not needed for evaluative purposes, institutions should redact the PII where possible. If redaction of the PII will interfere with the evaluative value of the document, institutions should clearly identify the document as containing PII. This could be accomplished through a cover page that identifies each instance of unredacted PII within the materials submitted.