Administrative Message
July 19, 2006
To: UCSC Faculty and Staff
From: David S. Kliger, Campus Provost and Executive Vice Chancellor and Larry Merkley, Vice Provost, Information Technology
Re: Protecting Personal Identity Information and Other Sensitive Data
In light of the computer thefts and data breaches at UCSC and in the news over the past several months, I am writing to remind the campus community of the need to protect sensitive data stored on computers and other electronic devices. When sensitive information is stored insecurely on an electronic device, or is transmitted insecurely, the confidentiality of students, staff, colleagues and the university are placed at great risk. In order to minimize the occurrence of such events here at UCSC, it is important that every individual with access to sensitive UCSC data take active measures to protect this information and maintain its security.
Of particular concern is identity-related information that can be used for identity theft. This includes names in combination with:
* Full Social Security numbers (SSN),
* Drivers license or State-issued identification card numbers, and/or
* Individuals' financial account, credit card, or debit card numbers.
We ask that you consider the information stored on electronic devices under your control, including portable devices (such as laptop computers, flash drives, disks/CDs, PDAs, etc.), and remove or secure any files that contain the above types of information or other sensitive information. If you are uncertain how to remove or secure your sensitive files, contact your ITS Divisional Liaison or the ITS Support Center for assistance (see below for contact information). Remember that old or archival records and extra copies of files can contain sensitive information even when current files do not.
Over the past two years, notifications were sent to hundreds of thousands of applicants, students, staff, faculty, visiting scholars, and alumni at University of California campuses, including UCSC, describing computer security breaches that may have exposed their personal identity information to unauthorized individuals. On a national level, data breaches involving more than 88,500,000 individuals' personal identity information have been reported since mid-February 2005. Nobody is immune to breaches in security.
Many of these incidents could have been prevented if greater care had been exercised and personal information had been better protected. By taking active security measures as outlined above and as described in the ITS Security Awareness and Security web pages (referenced below), you will help protect yourself and other members of the UCSC community from computer security breaches and the costly and time-consuming consequences of identity theft.
We appreciate your immediate attention to this matter as well as your support of our campaign to protect sensitive UCSC data. If you have general questions about this letter or the protection of sensitive data, please contact Julie Goldstein, ITS Community and Compliance Service Manager, at 459-2779 / julieg@ucsc.edu.
ADDITIONAL INFORMATION AND RESOURCES:
Where to look for personal or sensitive information:
Examples of electronic devices on which personal or sensitive information may be stored include:
* Desktop and laptop computers
* Servers
* Personal or home computers used for University business
* Portable electronic devices, such as personal digital assistants (PDAs), Blackberries, data phones, and other mobile devices
* Removable media, such as CDs/DVDs, flash drives, disks, and backup tapes
Look for university-related personal identity or sensitive information in current and old files and email containing, but not limited to, the following types of information:
* Personnel or academic related spreadsheets, databases, and files
* Student records, including class lists, student rosters, and grade records
* Health records
* Downloads from Banner/FIS, PPS, AIS, DivData, or Data Warehouse/InfoView
* Financial spreadsheets
* Performance evaluations or reference letters
* Electronic versions of research grant applications or other Intellectual Property (IP)
* Data related to DMV pull notices
Contact Information:
ITS Support Center: http://its.ucsc.edu/services/help_desk/index.php
ITS Divisional Liaison:
http://its.ucsc.edu/services/computer_coordinators/contact_list.php
ITS Security Awareness:
Julie Goldstein 459-2779 / julieg@ucsc.edu.
Additional Resources:
ITS Security Awareness website: Includes links (on the left) to a "Top 10 List" of good computing practices, online computer security training, and other IT security awareness and restricted data resources.
http://its.ucsc.edu/security_awareness/
ITS Security website: Provides a wide variety of IT security information and resources for the UCSC community.
http://security.ucsc.edu/
Information for victims of identity theft: The California Attorney General's website for victims of identity theft. Also includes links to additional identity theft resources.
http://caag.state.ca.us/idtheft/tips.htm
Privacy Rights Clearinghouse: A "nonprofit consumer information and advocacy organization."
http://www.privacyrights.org/index.htm