October is National Cyber Security Awareness Month. This week's cyber security "tip of the week" from ITS focuses on protecting personal identity information (PII) by reducing storage of this data.
What is personal identity information (PII)?
PII is identity theft information, such as Social Security number, driver's license or state ID card number, financial account or credit card numbers, and personal medical/medical insurance information. This is the some of the most sensitive information we handle at UCSC. Not only is the safety of people's identities in our hands, but we are required by law to notify people if their PII has been accessed without authorization. Most of you have probably seen examples of this in the news over the past few years, including several major incidents from the different UC campuses.
Protecting PII
The best way to protect PII is not to have it on your computer in the first place. That way, if your machine gets stolen, or compromised by a virus, or hacked into, you won't be at the center of having to notify people their personal information has been compromised. Some specific recommendations are:
Delete PII whenever you can. Keep it off of your workstation, laptop computer, and other electronic devices if at all possible.
- Don't even store it temporarily if you can avoid it--not even if it's encrypted.
- Be sure to check for old files, e-mail, and attachments that may contain PII, especially those from before 2004 when ID numbers tended to be Social Security numbers.
- Additional information about PII, including common places where it can be found, is available on ITS's Security Awareness web site.
If you absolutely have to store PII, work with ITS to make sure it is protected properly.
If you learn that something with PII is missing or may have been infected or hacked into, report it to the ITS Support Center immediately: help@ucsc.edu, itrequest.ucsc.edu, 459-HELP. Also report stolen or missing equipment to the campus police: 459-2231.
For questions contact the ITS Support Center.
Additional cyber security information is available on the ITS Security Awareness Web site.