» About Safe Computing

Friday July 4th, 2008

Safe Computing > Data Security

Keeping Your Data Safe

The information stored on your computer is often more valuable than the equipment itself. If sensitive data is lost, California law requires that consumers be notified that the information may have been compromised. As a part of UCI's efforts to enhance information security, Electronic Security Coordinators have been identified in each administrative division and academic school. These coordinators are responsible for compiling and maintaining an inventory of sensitive data resources in their area.

Sensitive Data

Under California law, California residents must be notified when a computer security breach (including loss or theft of equipment) is reasonably believed to have allowed their personal information to be acquired by an unauthorized person. UCI requires that employees take appropriate care of sensitive data that is stored on computers, PDAs or other devices. Do not store sensitive data unless absolutely necessary.

What is sensitive data?

Sensitive data is restricted data for which access or modification is limited by law or University policy. A prime example of such data (unless the data is encrypted) is an individual's first name or first initial and last name in combination with any of the following:

  • Social security number
  • Driver's license number or California ID card number.
  • Financial account information, such as a credit card number.

Note: There are other types of sensitive data such as health records (covered by HIPPA) and student records (covered by FERPA). We are focusing on the California State SB1386 definition here, but the guidelines below apply to other sorts of sensitive data as well.

Do you store sensitive data?

  1. Only store sensitive data on your computer if it is absolutely necessary.
  2. Report any sensitive data stored on your computer to your Electronic Security Coordinator.
  3. Remove the sensitive data as soon as you no longer need it.

Basic actions to protect sensitive data.

  1. Make sure your computer is secure.
  2. Keep the definitive copy of sensitive information on a secure, professionally administered and backed-up system.
    Consider using UCI's WebFiles with 1 GB of storage.
  3. If you keep copies of sensitive data on your personal computer, consider encrypting the information.
  4. Use only secure connections such as "https" for Web transactions or UCI's VPN.
  5. Remove the sensitive data as soon as you no longer need it.
  6. Do not send sensitive data in email.

Compromised Computer with Sensitive Data

If you think your computer has been compromised and you have sensitive data, report it immediately.

  1. Remove the computing system from the campus network.
  2. Conduct a local analysis of the breach to determine the number of individuals whose protected data may have been acquired.
  3. Notify the Data Proprietor if there is a reasonable belief that protected data may have been acquired.
  4. Contact the NACS Response Center at (949) 824-2222 to report that a potential security breach has occurred and request immediate notification of the NACS security staff and the Security Breach Lead Campus Authorities. Send additional information via email to security@uci.edu with a copy to security-lca@uci.edu.

Back up Data

Routinely back up critical files on your computer. Backing up your system not only allows you to recover lost information, but it can help you determine what information was stored on the machine if it is stolen or lost. If you are storing sensitive data, do secure backups and keep in a safe place.