1 / 11

Addressing Unauthorized Release of Personal Information at UC Davis

Addressing Unauthorized Release of Personal Information at UC Davis. August 12, 2003. California Civil Code, Section 1798. State’s response to an estimated 160,000 cases of identity theft in 2002

barclay-hodge
Download Presentation

Addressing Unauthorized Release of Personal Information at UC Davis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003

  2. California Civil Code, Section 1798 • State’s response to an estimated 160,000 cases of identity theft in 2002 • Requires organizations, including institutions of higher learning, to notify state residents when unauthorized individuals have obtained personal information via a computer security breach • Effective as of July 1, 2003

  3. UC Guidelines • Electronic Information Security (BFB IS-3) • Defines personal information as first name or first initial and last name in combination with one or more of the following: • Social Security Number • Driver’s license or California ID number • Account or credit card number and security code, access code or password

  4. UC Guidelines (cont.) • Defines security breach as when a California resident’s unencrypted personal information is believed to have been acquired by an unauthorized person. • Calls for system-wide notification procedures and the development of local guidelines.

  5. UC Davis Implementation • Chancellor Vanderhoef • Appointed UC Davis Information Technology Security Coordinator, Bob Ono, as lead in coordinating the campus’ compliance efforts • Via May 28, 2003 memo, notified Vice Chancellors, Vice Provosts and Deans of the need to take a proactive approach by identifying ways in which security risks can be minimized

  6. UC Davis Implementation (cont.) • IT Security Coordinator, Bob Ono • Developed draft implementation plan that identifies key roles, responsibilities and procedures for: • Minimizing risks of security breach • Reporting incidents • Notifying individuals whose personal information may have been obtained by a non-authorized person

  7. Roles and Responsibilities • CODVC Members • Oversee preventative measures to secure data • Communicate with appropriate staff about Section 1798, identity theft, and the campus implementation plan

  8. Roles and Responsibilities (cont.) • Campus Units • Inform users of their responsibilities to secure personal information • Assess risks and implement security safeguards for systems housing personal information • Develop and maintain control records and establish monitoring procedures • Report suspected incidents

  9. Roles and Responsibilities (cont.) • Campus Misuse Committee • Investigate reported incidents • Assess need for and authorize notifications • Authorize case closure

  10. Roles and Responsibilities (cont.) • IT Security Coordinator, Bob Ono • Communicate components of implementation plan to responsible parties • Ensure response process is followed • Ensure system-wide and campus notification procedures are followed • Coordinate incident reporting with department personnel, Campus Misuse Committee, and UCOP

  11. Resources • Identity Theft Prevention Web Site • http://security.ucdavis.edu/identity_theft.cfm • Information Practices Act of 1977 – California Civil Code Section 1798 • http://www.privacy.ca.gov/code/ipa.htm • Information Security Policy, Business and Finance Bulletin IS-3 • http://www.ucop.edu/ucophome/policies/bfb/is3.pdf • Misuse of University Resources, UC Davis Policy and Procedures Manual, Section 330-95 • http://manuals.ucdavis.edu/ppm/330/330-95.htm

More Related