UCSD
CAMPUS NOTICE
University of California, San Diego
 

OFFICE OF THE VICE CHANCELLOR -
BUSINESS AFFAIRS

September 27, 2004


ALL FACULTY AND STAFF AT UCSD (including UCSD Healthcare)

SUBJECT:    Your Responsibility for Securing Private Information

As a member of the UCSD community, you may have responsibility for some processes that include access to private information, such as Social Security numbers, birth dates, home phone numbers, location of assets, credit cards, student data, patient records, etc. A message on the same topic was sent to you a few months ago (see http://adminrecords.ucsd.edu/Notices/2003/2003-5-20-1.html).

The use and protection of much of this information is governed by federal/state law and by university policies. All members of the university community are obligated to respect and protect private information, whether it is transmitted and stored electronically (e.g. e-mail) or in hardcopy. It is important to understand that each individual is responsible for the information under his or her control.

Therefore, if you use and/or store private information, you should examine your businesses processes and ensure that the retrieval/storage of private information is absolutely necessary. In addition, you should be able to answer the following statements affirmatively:

* Access to all private information I work with is restricted on a
   "need-to-know" basis.

* Access to my computer and other information technology equipment
   assigned to me is password-protected.

* I log off my computer or use a screensaver password when I leave my
   workstation.

* Information on my screen is kept hidden from visitors to my work area.

* All sensitive papers, printouts, etc., are safely secured during the
   day when I leave my work area and locked up during non-work hours.
* My computer has up-to-date anti-virus software, firewall, and software
   patches.

Additional information may be found at http://blink/go/security and on the websites listed in Appendix A below.

If you have any questions or concerns regarding the use of private data, please contact Charlotte Klock, Chair of the ACTPC Security Subcommittee, at cklock@ucsd.edu or x21223.


Steven W. Relyea
Vice Chancellor -
Business Affairs


APPENDIX A

UCSD/UCOP
http://blink/go/security
http://www-act.ucsd.edu/actonly/security/privatedataprocedures.pdf
http://blink.ucsd.edu/go/networkstandards
http://blink.ucsd.edu/go/laptopsecurity
http://www.ucop.edu/irc/itsec/
http://www.ucop.edu/ucophome/policies/bfb/is3.pdf
http://www.ucop.edu/ucophome/policies/bfb/rmp8toc.html

Federal Statutes
http://www.ed.gov/offices/OM/fpco/ferpa/
http://www.usdoj.gov/foia/privstat.htm
http://www.ftc.gov/privacy/glbact/glbsub1.htm (Gramm-Leach Bliley Act)

State of California Statutes are available at:
http://blink.ucsd.edu/go/idtheft