"Personal information" is defined as individual's first name or first initial and last name linked with any one or more of the following data elements:
(1) Social Security number;
(2) driver's license number or State identification card number; or
(3) account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (NJ Identity Theft Law; C.56:8-161 Definitions relative to security of personal information)

"For the purposes of sections 10 through 15 of this amendatory and supplementary act, personal information shall not include publicly available information that is lawfully made available to the general public from federal, state or local government records, or widely distributed media."

Social Security numbers (SSN) have become a widely used identifier to verify identity, for authentication, and as a common data link for other information. The SSN is well known as the root of identity theft and must be protected. University departments may no longer collect or use the SSN unless mandated by law. Most departments must use alternative forms of identifying students, clients, employees, and faculty whenever possible. Requests to provide a SSN (if the department is legitimately required to store them) should be denied or, in the least, verified for legitimacy.

In addition to the identifiers above, other identifiable personal/private information includes (but is not limited to):

• Medical records
• Educational records
• Financial records
• Studies or surveys using personally identifiable data
  
  NJ Identity Theft Law