UCR Campus Policy 400-60 describes personal data as defined in California legislation requiring state agency, institution or organization that collects personal information to protect it against possible "identity theft."  In the event computerized data containing unencrypted personal information is breached (or is reasonably believed to have been) or acquired by an unauthorized person, published incident response procedures are to be followed to provide notification.  Best practices to reduce the possibility of breach, guidelines to avoid collection, limit distribution and retention of protected data are provided.

• C&C Overview and Implementation
• Campus Policy 400-60
• UCOP IS-3 Electronic Information Security