We write to remind you of the need to evaluate and protect sensitive data stored on computers and other electronic devices. In this age of increasingly sophisticated data security attacks and seemingly endless schemes designed to compromise computers or steal private information, it remains incumbent upon each of us to do what we can to protect the sensitive information of our students, staff, colleagues and the University.
Information that can be used for identity theft remains a particular concern.
This includes names in combination with:
** Full Social Security numbers (SSN),
** Drivers license or State-issued identification card numbers, and/or
** Individuals' financial account, credit card, or debit card numbers.
As a general rule, unless there is a reason based in law or policy to store this information, it should be masked or eliminated wherever possible. We ask that you consider the electronic devices under your control and remove or secure any files or records that contain the above types of information or other sensitive information. If you are uncertain how to remove or secure your sensitive files, contact your ITS Divisional Liaison or the ITS Support Center for assistance (see below for contact information).
The climate surrounding information security at the University of California has intensified over the past year:
** The UCLA data security breach announced in December 2006 resulted in the notification of approximately 800,000 individuals. Later evidence indicated that the Social Security numbers of approximately 28,600 of these people were illegally retrieved by hackers. This event was a wake-up call for all campuses to re-examine the use and storage of sensitive data at all levels of the organization.
** On a national level, data breaches involving more than 66,000,000 individuals' personal identity information have been reported since September 2006.
** UC Office of the President recently published revised and new information security bulletins and a new Management Guide for Information Security that apply to the entire campus: http://www.ucop.edu/irc/itsec/uc/mgt_guide/guide.html.
** Data security and privacy remains in active discussion among state and federal lawmakers.
By taking active security measures as outlined above and as described in the ITS Security Awareness Web Site (referenced below), you will help protect yourself and other members of the UCSC community from computer security breaches and the costly and time-consuming consequences of identity theft.
We appreciate your immediate attention to this matter as well as your support of our campaign to protect sensitive UCSC data. If you have any questions, please contact Julie Goldstein, ITS Service Manager for Community and Compliance, at 459-2779 or itpolicy@ucsc.edu
Security Awareness Web Site: http://its.ucsc.edu/service_catalog/security/security_awareness/
Additional Security Resources: http://its.ucsc.edu/security_awareness/resources_07.php
ITS Support Center: http://its.ucsc.edu/services/help_desk/
ITS Divisional Liaisons: http://its.ucsc.edu/divisional_liaisons/index.php