University of California, Riverside

Security



Protecting Personal Information


In general, personal protected information should never be stored on personal computers, laptops or other devices. If there is a business need for this information to be stored, please follow these best practices.

California law (commonly referred to as SB1386) requires UCR to disclose any security breach of a system containing protected personal information to any California resident whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

It is strongly recommended that the transmission of, or the capture of (web form), SSNs and other sensitive data be avoided. When there is a need to capture or transmit such sensitive information, it is required (by California law and University policy) that the information be encrypted. Thus capture of this information must only be done via encrypted web (https) sites, and transmission must only be done via encrypted e-mail (or other) services and preferably on private networks. For more information on encryption products and services, please contact the Helpdesk (e-mail helpdesk@ucr.edu). Please note that Helpdesk services relating to encryption are available on a fee-for-service basis.

What Constitutes Personal Information

The law defines "personal information" to be an individual's first and last name in combination with any of the following:

  • Social security number and/or
  • Driver's license number or CA identification card number and/or
  • Financial account number, credit or debit card number, in combination with any security code, access code, or password that would permit access to the individual's account and/or
  • Medical information (medical history, mental or physical condition, medical treatment or diagnosis) and/or
  • Health insurance information (policy number, subscriber information number, individual's application and claims history including appeal records)

Detailed information, including UC and UCR policies, as well as procedures and guidelines for incident handling can be found at SB1386 Security Breaches Involving Personal Information. Campus departments and units are urged to establish procedures and practices to reduce the collection, distribution, and retention of protected personal information. For additional information about SB1386, protected personal information, or campus guidelines and policy, please email  ITpolicy@ucr.edu.

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Computing & Communications
Computing & Communications Bldg.

Tel: (951) 827-4741
Fax: (951) 827-4541
E-mail: helpdesk@ucr.edu

Footer