Document 15689950

OBJECTIVES

Learn about UC’s Privacy and Information Security Work

Understand Societal Perceptions of Privacy and Security

Distinguish between Privacy and Security

2015 Hot Topics
HINT: THEY AREN’T THE SAME
The Internet and Security
2014: A YEAR TO FORGET
UC’S DEFINITIONS
Autonomy Privacy: individual’s ability to conduct activities without concern
of or actual observation
Information Privacy: the appropriate protection, use, and dissemination of
information about individuals. This protects data about people.
Information Security: supports the protection of information resources from
unauthorized access, which could compromise the confidentiality, integrity,
and availability of those resources. This protects information and
infrastructure.
What Is Privacy?
Privacy: concerned with the collection and use of personal data related to the mission of the organization
• Compliance – what data do we hold and what laws do we need to follow to ensure privacy?
• Philosophy & Ethics – what does “privacy” even mean, and why do we care?
What Is Security?
Security: concerned with the confidentiality, integrity and availability of data
• Confidentiality – rules for access to data; ensure authorized access (similar to privacy)
• Integrity – maintaining and assuring the accuracy and consistency of data
• Availability – reliable access to data
UC DEFINITIONS
The Difference: Privacy & Security
Privacy
Security
• Privacy: concerned with the collection and use of personal data required for mission.
• Security: concerned with the protection of data required for the mission.
7/12/2016
SENSITIVE DATA IN HIGHER ED
Education
Information
Audience:

Employees

Students

Third parties
Sensitive
Data
Just because we can, does that mean we should?
Are our actions in the best interest of:
• the system?
• the campus?
• the user?
How do we decide?
Health
Information
Ideas
Employment
Information
Identities
Problems &
Dispute
UC STRUCTURES
Presidential Privacy & Information Security Initiatives

Privacy and Information Security Initiative

“GERI” or Cybersecurity Risk Reduction Initiative
Understanding the Structures:

Who are the players?

What does it do?

Where does it sit?

When does it meet?

How do they intersect?
INTERSECTIONS: UC FUNCTIONS
Business
Area
Compliance
Counsel
Info Sec
Privacy
Procurement
INTERSECTIONS: TOPICS
Cloud
Computing
Surveillance
Incident
Response
Encryption
Data
Storage &
Collection
Data
Classification
Vendor
Contracts
Records Use
& Release
Academic
Freedom
THANK YOU AND KEEP THE DIALOGUE GOING
HELP
TALK
LEARN
ACT
UC PRIVACY & INFO SEC SYSTEMWIDE RESOURCES
Key Privacy Resources:
• Institutional Privacy: Campus Privacy Officials
• Healthcare Privacy: HIPAA Officers
Key Security Resources:
• Campus Information Security Officers
• HIPAA Information Security Officers (some shared from above)
• IT Policy and Security Committee
2015 UC HOT TOPICS IN PRIVACY & SECURITY
1. Information Security Policy update and Data Classification
2. Role of Privacy in Incident Response
3. Cybersecurity Insurance
4. Vendors: Data Privacy & Security Risk Assessments and Contracts
5. Cloud Computing
WHAT ARE YOUR HOT TOPICS?
6. ??
7. ??
8. ??
9. ??
10. ??
QUESTIONS?
CONTACT INFORMATION
Roslyn Martorano
Systemwide Privacy Manager
roslyn.martorano@ucop.edu | (510) 987-0564
David Rusting
Chief Information Security Officer
david.rusting@ucop.edu | (510) 987-0086