Section 2: Identifying Information Types
TxDOT’s records are a vital and important information asset and must be protected against unauthorized access, use, disclosure, loss, modification/corruption, or unauthorized disposal. For additional information see the
.
Confidential Information
Confidential records must be protected from creation through final disposition. Any official record, convenience copy, or transitory information can contain confidential information regardless of the media. TxDOT employees who handle or have access to confidential records have a duty to safeguard and protect the information.
“Confidential Information” has the meaning provided in
, which states the confidential information means “information that must be protected from unauthorized disclosure or public release based on published laws or legal agreements.” Information that is Confidential Information under this definition may include:
(a) Attorney-Client communications.
(b) Drafts of policymaking documents.
(c) Information related to pending litigation.
(d) Audit working papers.
(e) Competitive bidding information before contract awarded.
(f) Sensitive Personal Information.
(g) Regulated data.
(h) Information excepted from disclosure requirements of
of the Texas Government Code (“Public Information Act”) or other applicable state or federal law
(i) Compliance reports for which the Texas Attorney General has granted permission to withhold.
(j) Investigative working papers and draft reports excepted from disclosure under Section
of the Texas Government Code.
Sensitive Data
Means information that could be subject to release under an
open records requests, but should be controlled to protect third
parties, and should be vetted and verified before release. At TxDOT,
this could include operational information, personnel records, research,
or internal communications.
- More examples of sensitive information include, but are not limited to:
- Plans and Specifications
- Costs/Financial Data
- Bids
- Personal Identifying Information
Sensitive Personal Information (SPI)
Sensitive Personal Information has the meaning provided by
of the Texas Government Code, which defines sensitive personal information as:
- An individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and item are not encrypted:
- Social Security Number
- Driver’s license number or government-issued identification number; or
- Account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account
Information that identifies an individual and relates to:
- The physical or mental health or condition of the individual.
- The provision of health care to the individual.
- Payment for the provision of health care to the individual.
Personal Identifying Information (PII)
Personal Identifying Information is subject to
,
“Public Information” and
, “Unauthorized Use of
Identifying Information”.
Personal Identifying Information is information about an individual
that can be used to distinguish or trace an individual’s identity.
This can include medical, education, financial, and employment information.
Personal Identifying Information can either exist as stand-alone content
or can be groups of content.
“Personal Identifying Information” means information that
alone or in conjunction with other information identifies an individual,
including an individual's:
(a) Name, social security number, date of birth, or government-issued
identification number.
(b) Mother's maiden name.
(c) Unique biometric data, including the individual's fingerprint,
voice print, and retina or iris image.
(d) Unique electronic identification number, address, or routing
code.