Sensitive Personal Information

At Tufts, Sensitive Personal Information (SPI) includes:

Government-Issued Identifying Numbers

  • Social Security numbers
  • Driver’s License numbers
  • Other Massachusetts ID numbers
  • Passport numbers
  • All Government ID numbers

Regulated Financial Information

  • Credit or Debit card numbers 
  • Financial Account numbers (e.g. Bank Accounts)

Biometric Indicators for Identity
For example:

  • Fingerprints
  • Retina Patterns
  • Genetic Information

Financial accounts includes accounts for individuals, such as listed on a check, other bank accounts, and accounts at other financial institutions. Include Tufts accounts for individuals where Tufts provides a service or product similar to those provided by a financial institution. Include student loan accounts. Do not include Tufts Dept IDs.

Biometric Indicators for Identity includes any unique biological attribute or measurement that can be used to authenticate the identity of an individual, including, but not limited to, fingerprints, genetic information, iris or retina patterns, facial characteristics, and hand geometry.

Most types of SPI, when combined with a person's name, are also Personal Information under the Massachusetts Data Privacy Laws and Regulations. All SPI is Regulated Institutional Data under the Information Classification and Handling Policy and should be handled with the highest level of confidentiality and security.



The University must comply with the Massachusetts Data Privacy Laws and all staff, faculty and students are required to follow the University's policies. The University has established the Massachusetts Data Privacy Program and appointed Information Stewards to support the proper management and handling of SPI.

Getting Started

  1. Review your work practices with your Information Steward. In this process, evaluate with your Information Steward your need for this information
  2. Comply with the Tips and Guidelines for Sensitive Personal Information. The Sensitive Personal Information Guide is also available as a quick summary.


Massachusetts Data Privacy Laws
Information Security Program
Information Classification and Handling Policy
University Records Policy
Confidential Records Destruction