UC San Diego SearchMenu

Preventing Identity Theft and Securing Personal Information

According to California law (PDF), UC San Diego must notify individuals if their computerized personal information is (or may have been) disclosed or acquired by an unauthorized person. Should the university fail to comply, UC San Diego may be charged substantial penalties for mishandling personal information.

Personal information

Personal information is an individual's first name or first initial and last name, combined with one or more of the following data elements, when either the name or the data elements are not encrypted:

  • Social Security number
  • Driver's license number or California Identification Card number
  • Credit or debit card number, combined with any required security code, access code, or password that would permit access to an individual's financial account

Complying with the law

Campus procedures for notification are being established. Steps include:

  • Creating a repository to register your inventory of such personal information
  • Requesting verification of access to the personal information

Campus responsibilities

All UC San Diego departments and employees need to comply with the new law. IT Services' Security team relies on Department Business Officers, System Administrators, and Department Security Administrators to provide accurate and complete information. Department Security Administrators and Business Officers should work with their groups to:

  • Review the access granted to users of all systems, other than IT Services Business Systems, that contain the data elements listed above.
  • Restrict access to private information unless a user has a true business need.
  • Encourage reporting of suspected security violations.

Category: Cybersecurity