Protection Against Exposure to Identity Theft (SB1386)
The California Information Practices Act, known as Senate Bill 1386, protects against exposure to identity theft by requiring the University to promptly notify patients, students, or employees of any computer security breach involving the acquisition of their personal information by an unauthorized party.
Personal information is defined as a person's name in combination with one or more of the following:
- social security number
- driver's license number or California identification card number
- account number, credit card number, or debit card number in combination with a security code, access code, or password permitting access to a financial account.
Penalty for Lack of Compliance
If the University fails to provide the required notice in the event of a security breach, it will be liable for damages in any civil lawsuit that results.
For Employees Only
Don't Store Personal Information Unnecessarily
You can reduce or eliminate the University's liability by not storing data deemed personal information if you don't need it. For example, if you don't really need social security numbers, simply don't store them.
Take Inventory
Be aware of where you or your unit electronically stores personal information (as defined above). Also take into account removable media such as USB flash drives, DVD-ROMs, CD-ROMs, floppy disks, Zip disks, etc.
If You Must Store Personal Information
- Avoid using e-mail or instant messaging to send personal information such as social security numbers, unless you've been assured by a trusted party that it is end-to-end encrypted.
- Store the data in encrypted form only, using the strongest encryption possible and reasonable. However, do not rely on encryption features in Microsoft Office products, since they are not truly secure (despite what Microsoft claims).
- Physically secure the devices that store personal information. For example, place your computer behind a locked door. Put removable media in a locked drawer.
- Consult the full text of Senate Bill 1386 to ensure that you are meeting the University's legal obligations.
- Consult your computer support coordinator or UCSF Information Security to:
  - ensure that your systems are hardened against attacks, or
  - get answers to any questions you might have.
For example, most computer security experts insist upon both of the following:
If a Security Breach Occurred
If you know or suspect that a security breach occurred:
- Disconnect the affected computer from the network:
  - Unplug all network cables connected to the computer.
  - Disable all wireless adapters in the computer.
- Report the security breach to your supervisor.
- Call your computer support coordinator or UCSF Enterprise Information Security at 415/514-4100 (Option 2) for instructions.
- If you're not satisfied with the resulting actions, contact the Whistleblower Coordinator.
More Information
The information provided above is simplified to make SB1386 easier to understand. For the full text of the bill, see Senate Bill 1386.