University of California, San Diego
ADMINISTRATIVE COMPUTING &
May 5, 2005
KEY ADMINISTRATORS AND SYSTEM ADMINISTRATORS
With recent media coverage of identity theft cases, we all need to be vigilant in the protection of personal information no matter what format it is in. As members of the UCSD community, you and others in your departments may have responsibility for some processes that include access to private information, such as Social Security numbers, birth dates, home phone numbers, location of assets, credit cards, student data, patient records, etc. (see http://adminrecords.ucsd.edu/Notices/2003/2003-5-20-1.html).
We are requesting that you remind people in your departments on an ongoing basis that it is everyone's responsibility to ensure the university data is as secure as possible. If you use and/or store private information, you should continually examine your businesses processes and ensure that the retrieval/storage of private information is absolutely necessary. In addition, everyone in your department should be able to answer the following statements affirmatively:
- Access to all private information I work with is restricted on a "need-to-know" basis.
- Access to my computer and other information technology equipment assigned to me is password-protected.
- I log off my computer or use a screensaver password when I leave my workstation.
- Information on my screen is kept hidden from visitors to my work area.
- All sensitive papers, printouts, etc., are safely secured during the day when I leave my work area and locked up during non-work hours.
- My computer has up-to-date anti-virus software, firewall, and software patches.
More information on computer security issues can be found at http://blink.ucsd.edu/go/security.
If you have any questions or concerns regarding the use of private data, please contact Charlotte Klock, Chair of the ACTPC Security Subcommittee, at firstname.lastname@example.org or (858) 822-1223.