|
According to the law, UCSD needs to notify individuals if their computerized personal information is (or may have been) disclosed or acquired by an unauthorized person.
Should the campus fail to comply, UCSD may be charged substantial penalties for mishandling personal information.
Personal information is an individual's first name or first initial and last name, combined with one or more of the following data elements, when either the name or the data elements are not encrypted:
- Social Security number
- Driver's license number or California Identification Card number
- Credit or debit card number, combined with any required security code, access code, or password that would permit access to an individual's financial account
Complying with the law: The Administrative Computing and Telecommunications Policy Committee (ACTPC) Security Subcommittee is helping establish campus procedures for notification by:
- Creating a repository to register your inventory of such personal information
- Requesting verification of access to the personal information
Campus responsibilities: All UCSD departments and employees need to comply with the new law. The ACTPC Security Subcommittee is relying on MSOs, System Administrators, and DSAs to provide accurate and complete information. DSAs and MSOs should work with their groups to:
- Review the access granted to users of all systems, other than ACT Business Systems, that contain the data elements listed above.
- Restrict access to private information unless a user has a true business need.
- Register data collections that contain private information online. MSOs, System Administrators, and DSAs should work with their business offices to identify local personal information storage.
- Encourage reporting of suspected security violations.
Links to more information:
- UCSD
- UCOP
- California Government
- US Government
Questions? Contact Gabe Lawrence, (858) 822-3785.
| 
At Your Service Online
