eHelpOn Mar. 15, 2005 California State University, Chico, made news when it notified more than 59,000 people that their personal data may have been acquired by an unauthorized party or computer “hacker.” One year earlier University of California, San Diego contacted approximately 380,000 former and current students, staff and faculty as well as some applicants who never enrolled at UCSD after school officials discovered that one or more unauthorized users had accessed two computers on the UCSD network via the Internet. Just one day before UCSD’s announcement, San Diego State University announced that an unauthorized user had illegally gained access to the names and social security numbers of more than 178,000 individuals housed on a server in the Office of Financial Aid and Scholarships.
Such unauthorized computer access is a crime under California State Penal Code Section 502. Sections 1798.29 and 1798.82 of the California Civil Code amended Senate Bill 1386, a law which went into effect on July 1, 2003. These codes require any state agency, person or business “that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
The notification procedure required by California Civil Codes 1798.29 and 1798.82 can have huge financial ramifications. Cal Poly Pomona has a mission to protect the personal information of its students, faculty and staff, as well as data collected and stored on the university’s computers. It is important the campus community learn from the other incidents and take necessary precautions to secure all personal information held by the university.
First, it is important to follow Cal Poly Pomona’s acceptable use policies, which can be accessed at: http://www.csupomona.edu/~iit/policies/use.shtml.
Second, care should be taken about what is stored on local computers. Since the university’s servers provide extra security and backup protection, any and all personal information that needs to be recorded should be kept on the university’s servers whenever possible.
Third, following some basic computing security tips is essential to minimizing security threats. Securing private information can be as easy as following the tips outlined in the eHelp article “Safe Computing Checklist,” which can be accessed at: http://www.csupomona.edu/~ehelp/security/safe_computing_checklist.html.
More information on California Senate Bill 1386 can be accessed at: http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351- 1400/sb_1386_bill_20020926_chaptered.html.
Information on the security incidents mentioned in the overview can be found by visiting the following links:
Questions can be directed to Marcy Gates at 909.869.6899 or via email: mgates@csupomona.edu.
