Your Responsibility for Securing Private Information

UCSD
CAMPUS NOTICE
University of California, San Diego

OFFICE OF THE VICE CHANCELLOR -
BUSINESS AFFAIRS

November 19, 2003

ALL ACADEMICS AND STAFF AT UCSD (including UCSD Healthcare)

SUBJECT: Your Responsibility for Securing Private Information

As a member of the UCSD community, you may have responsibility for some processes that include access to private information: Social Security numbers, birth dates, home phone numbers, location of assets, credit cards, health and student personal information, etc. The use and protection of much of this information is governed by federal and state law/regulation and university policy. Therefore, if you use and/or store private information as described above, you should examine all of the business processes you undertake for the university and ensure that the retrieval/storage of private information within your office setting is absolutely necessary for such processes. In addition, you should be able to answer affirmatively to the following statements. These standards protect access to private information within the university environment.

* Access to all private information I work with is restricted on a
   "need-to-know" basis.
* Access to my computer and other information technology equipment
   assigned to me is password-protected.
* I log off my computer or use a screensaver password when I leave my
   work station.
* Information on my screen is kept hidden from visitors to my work area.
* All sensitive papers, printouts, etc., are safely secured during the
   day when I leave my work area and locked up during non-work hours.
* My computer has up-to-date antivirus software and software patches.

All members of the university community are obligated to respect and protect private information whether it is transmitted and stored electronically (e.g. e-mail) or in hardcopy. It is important to understand that each individual is responsible for the information under his or her control. Responsibility for protecting individual privacy is a part of everyone's job.

Additional Information:

Federal Statutes:
http://www.ed.gov/offices/OM/fpco/ferpa/
http://www.usdoj.gov/foia/privstat.htm

UCSD and California: http://blink.ucsd.edu/go/idtheft

If you have any questions or concerns regarding the use of private data, please contact Charlotte Klock, Chair of the ACTPC Security Subcommittee, at cklock@ucsd.edu or x21223.

                                                Steven W. Relyea
                                                Vice Chancellor -
                                                Business Affairs