Responsibilities for Securing Private Information

UCSD
CAMPUS NOTICE
University of California, San Diego

OFFICE OF THE VICE CHANCELLOR -
BUSINESS AFFAIRS

May 20, 2003

ALL FACULTY AND STAFF AT UCSD (including UCSD Healthcare)

SUBJECT: Responsibilities for Securing Private Information

The purpose of this notice is to inform you of your responsibilities in protecting private information and to alert you to actions that UCSD is taking to protect such information. UCSD values the privacy of individuals and we actively seek to preserve the privacy rights of those who share information with us.

The importance of securing private information and preventing identity theft has continuously increased over the past few years as the proliferation of information technology has made it easier for criminals to obtain such information. Identity theft occurs when someone appropriates your personal information (e.g., social security number or credit card number) without your knowledge to commit fraud or theft.

Our Administrative Computing and Telecommunications department (ACT), along with the campuswide advisory policy committee (ACTPC), is currently undertaking a systematic review of all core campus computer systems to ensure compliance with regulations and policies. This review will require several stages for completion, including identification of all repositories of private data, review of current access needs and security measures, changes to systems as needed, and campuswide education on security and privacy issues. Much of the work is already underway and you can expect periodic notices to keep you informed of our progress.

Despite all of ACT's efforts, it is important to understand that ensuring the proper handling of private information cannot solely be done centrally. In order to conduct UCSD's business, there is a legitimate need for private data to exist in many places and be handled by many people. Therefore, if you handle any private data, the University relies on your cooperation and support to ensure compliance with the law. If you handle private data, your responsibilities include:

* Use and share the data only for business purposes
* Protect the data from unauthorized physical or electronic access (e.g., locks, passwords)
* Do not keep private data unless required for conducting university business
* Use email and data responsibly
* Comply with University policies and federal and state regulations

For more information on security-related issues, please refer to:
http://blink.ucsd.edu/go/security

If you have any questions or concerns regarding the use of private data, or need additional information on this subject, please contact Charlotte Klock, Chair of the ACTPC security subcommittee, at cklock@ucsd.edu or x21223.

                                                Steven W. Relyea
                                                Vice Chancellor -
                                                Business Affairs