University of California, San Diego
September 27, 2004
As a member of the UCSD community, you may have responsibility for some processes that include access to private information, such as Social Security numbers, birth dates, home phone numbers, location of assets, credit cards, student data, patient records, etc. A message on the same topic was sent to you a few months ago (see http://adminrecords.ucsd.edu/Notices/2003/2003-5-20-1.html).
The use and protection of much of this information is governed by federal/state law and by university policies. All members of the university community are obligated to respect and protect private information, whether it is transmitted and stored electronically (e.g. e-mail) or in hardcopy. It is important to understand that each individual is responsible for the information under his or her control.
Therefore, if you use and/or store private information, you should examine your businesses processes and ensure that the retrieval/storage of private information is absolutely necessary. In addition, you should be able to answer the following statements affirmatively:
* Access to all private information I work with is restricted on a
* Access to my computer and other information technology equipment
* I log off my computer or use a screensaver password when I leave my
* Information on my screen is kept hidden from visitors to my work area.
* All sensitive papers, printouts, etc., are safely secured during the
Additional information may be found at http://blink/go/security and on the websites listed in Appendix A below.
If you have any questions or concerns regarding the use of private data, please contact Charlotte Klock, Chair of the ACTPC Security Subcommittee, at email@example.com or x21223.
State of California Statutes are available at: