Information Security Guidelines

 

Appropriate measures must be taken to ensure personal information regarding our students, faculty, staff, alumni and donors is protected. The following highly sensitive information is of particular concern:

  1. Social Security Numbers;
  2. Financial information, such as bank account numbers, insurance policy numbers, credit or debit card numbers;
  3. Driver's license or California ID numbers;
  4. Medical information, such as doctor's reports, prescriptions, medical history;
  5. Student grades;
  6. Personnel performance information, such as performance evaluations and discipline letters;
  7. Dates of birth

 

In addition to a variety of specific technical and other controls the University utilizes to protect personal information, to reduce the likelihood of unauthorized disclosures of highly sensitive information, all members of the University community should take the following steps to protect private information maintained by the University:

  1. Limit access to those who have a need to know based on their job duties;
  2. Limit copying, printing and downloading;
  3. Limit removal off campus, including hard copies, disks, or files on laptops. If removal is necessary, measures should be taken to prevent theft or loss;
  4. Retain information only as long as there is an immediate need. Shred or erase completely when no longer needed;
  5. Include a notice when transferring information that it is highly sensitive and access is restricted;
  6. Delete any information not critical to reports or spreadsheets prior to distribution;
  7. Do not give information to anyone not authorized to receive it;
  8. Do not leave information unattended in a public place, including your car.

 

In addition, highly sensitive information should not be transferred in an unencrypted form (e.g., via email) unless absolutely necessary. Large files (containing more than 50 highly sensitive information elements) should never be sent in unencrypted form or non-password protected attachments.

  1. All members of the University community should also take the following measures to secure their computers:
  2. Set complex passwords that meet University requirements;
  3. Implement all instructions from IT concerning software patches and anti-virus software;
  4. Do not share passwords and log-out before leaving a terminal unattended;
  5. Install only properly licensed software from a known/trusted source;
  6. Delete without opening email sent from unknown sources;Store back-up files and media in a secure location.

 

Should you have questions or concerns regarding University information security practices, please contact the Office of the Vice President for Administration and Finance, at extension 2115.