
UC DAVIS: INFORMATION AND EDUCATIONAL TECHNOLOGY

August 7, 2003

DEANS, DIRECTORS, DEPARTMENT CHAIRS, AND CAMPUS ADMINISTRATIVE OFFICERS

Subject: Preventing Unauthorized Access to Personal Information

UC Davis has long been concerned about protecting the personal information 
of campus members and has taken steps to secure major campus computing 
systems.  However, as computer attacks continue to grow in number and 
increase in complexity, this task becomes particularly critical and 
challenging.  As we heighten efforts to safeguard identity information at 
UC Davis, we need to reemphasize the important role each of us plays in 
maintaining the security and privacy of personal information.

The increasing number of computer systems nationwide that host personal 
information (such as names, Social Security numbers, dates of birth, 
driver's license numbers, financial records, and telephone calling card 
numbers), combined with computer system vulnerabilities, has led to 
increased risks of identity theft.  In 2002, for example, over 160,000 
persons in the United States reported falling victim to identity theft.  In 
response to these increased risks, on July 1, 2003 a new law was passed in 
California (California Civil Code Section 1798) that requires 
organizations, including institutions of higher learning, to notify state 
residents when a computer security breach has permitted the release of 
personal information to unauthorized recipients.

In response to this new law and potential security risks, deans and campus 
administrative officers are encouraged to take measures to improve computer 
system security within their units.  Suggested measures include:

- Avoiding the establishment of new computer systems that house personal 
information and assessing the need for storing personal identity 
information to ensure that only critical information is maintained for 
specific purposes (this includes all electronic devices, such as servers, 
laptops, desktops, tablet computers, or personal digital assistants, that 
contain or provide network access to personal information);
- Reducing the number of existing systems on which personal information 
resides;
- Ensuring a high level of security on systems that provide access to 
personal information (this includes developing and maintaining adequate 
procedures for granting and monitoring access to personal information);
- Informing users of personal information of their responsibilities;
- Purging or transferring obsolete records maintained on computer systems;
- Ensuring that suspected incidents of security breaches are reported to 
appropriate campus officials; and
- Limiting the use of personal information, such as Social Security 
numbers, in the course of University business.

Methods to enhance system security and evaluate security controls are 
available at the campus security web site (http://security.ucdavis.edu). In 
addition, a notification plan has been developed which outlines the roles 
and responsibilities of campus units and personnel and sets forth the 
campus procedure for notifying individuals in the event that their 
information has been obtained via a security breach. This plan is available 
on the Identity Theft Prevention web site (see below).

Receiving notification that one's information may have been obtained, 
together with the awareness that identity theft may occur in such 
circumstances, is the first step toward preventing or minimizing the 
consequences of such an incident.  For victims of identity theft, finding a 
starting point toward recovery can be difficult.  In order to help prevent 
incidents of identity theft, to guide the campus' response to cases of 
identity theft that do occur, and to make recovery information readily 
available to victims, we have developed the Identity Theft Prevention web 
site (http://security.ucdavis.edu/id_theft.cfm).

Information available via this site also includes the campus notification 
plan, resources to assist units in implementing the plan, and links to 
California Civil Code Section 1798.

Questions about California Civil Code Section 1798 and the campus 
notification plan should be addressed to security@ucdavis.edu.

John Bruno, Vice Provost
Information and Educational Technology

03-091




Modified: 12/14/2006 12:24:35 PM