Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003.

Published byAllen Hodges Modified over 9 years ago

Similar presentations

Presentation on theme: "Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003."— Presentation transcript:

1 Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003

2 California Civil Code, Section 1798 State’s response to an estimated 160,000 cases of identity theft in 2002 Requires organizations, including institutions of higher learning, to notify state residents when unauthorized individuals have obtained personal information via a computer security breach Effective as of July 1, 2003

3 UC Guidelines Electronic Information Security (BFB IS-3) Defines personal information as first name or first initial and last name in combination with one or more of the following: Social Security Number Driver’s license or California ID number Account or credit card number and security code, access code or password

4 UC Guidelines (cont.) Defines security breach as when a California resident’s unencrypted personal information is believed to have been acquired by an unauthorized person. Calls for system-wide notification procedures and the development of local guidelines.

5 UC Davis Implementation Chancellor Vanderhoef Appointed UC Davis Information Technology Security Coordinator, Bob Ono, as lead in coordinating the campus’ compliance efforts Via May 28, 2003 memo, notified Vice Chancellors, Vice Provosts and Deans of the need to take a proactive approach by identifying ways in which security risks can be minimized

6 UC Davis Implementation (cont.) IT Security Coordinator, Bob Ono Developed draft implementation plan that identifies key roles, responsibilities and procedures for: Minimizing risks of security breach Reporting incidents Notifying individuals whose personal information may have been obtained by a non- authorized person

7 Roles and Responsibilities CODVC Members Oversee preventative measures to secure data Communicate with appropriate staff about Section 1798, identity theft, and the campus implementation plan

8 Roles and Responsibilities (cont.) Campus Units Inform users of their responsibilities to secure personal information Assess risks and implement security safeguards for systems housing personal information Develop and maintain control records and establish monitoring procedures Report suspected incidents

9 Roles and Responsibilities (cont.) Campus Misuse Committee Investigate reported incidents Assess need for and authorize notifications Authorize case closure

10 Roles and Responsibilities (cont.) IT Security Coordinator, Bob Ono Communicate components of implementation plan to responsible parties Ensure response process is followed Ensure system-wide and campus notification procedures are followed Coordinate incident reporting with department personnel, Campus Misuse Committee, and UCOP

11 Resources Identity Theft Prevention Web Site http://security.ucdavis.edu/identity_theft.cfm Information Practices Act of 1977 – California Civil Code Section 1798 http://www.privacy.ca.gov/code/ipa.htm Information Security Policy, Business and Finance Bulletin IS-3 http://www.ucop.edu/ucophome/policies/bfb/is3.pdf Misuse of University Resources, UC Davis Policy and Procedures Manual, Section 330-95 http://manuals.ucdavis.edu/ppm/330/330-95.htm

Download ppt "Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003."

Similar presentations

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

Similar presentations

Ads by Google