Frequently Asked Questions - UCSB Policies and Procedures

Presentation #4
2/3/2015
Gaucho Round-Up
FAQs
This presentation covers some of the FAQs about campus clean-up day.
Question 1:
I have e-waste that may contain sensitive information. Will I be able to drop off e-waste for secure disposal?
Answer:
Yes. The e-waste will be collected by furniture services for secure disposal.
We will not be collecting hazardous waste – such as paint and chemicals.
Question 2:
Can I bring materials from home?
Answer:
No, this event is to dispose of university-related materials only.
Question 3:
Can I shred cardstock?
Answer:
Yes. You can also shred staples. The only thing to look out for is large clips.
Question 4:
Should departments be shredding new hire documentation after an employee receives his or her first paycheck?
Answer:
Yes, that is true.
At UCSB, Business and Financial Services holds the official record of the new hire documentation, including the I-9, Oath/Patent, and W-4. To protect employee Social Security Numbers that are contained on these forms, the departmental copies of new hire documents should be destroyed after the employee receives his or her first paycheck.
Question 5:
Do I need to print the IDOC hire/rehire form from PPS and place it in the personnel file?
Answer:
No. The information on the IDOC hire/rehire form is in the PPS system and there is no need to print that out and retain it in the personnel file. The IDOC separation document, on the other hand, must be submitted to payroll for the final paycheck to be processed.
Question 6:
How do departments handle separated personnel files with regard to documents that have Social Security Numbers?
Answer:
New hire documentation – such as I-9 and W-4 – should be shredded. (BFS is the office of record.) In general, the documents in personnel files should be held for 5 years after the employee separates from the university.
Question 7:
Student personnel file retention. How long and what date does the department use to determine the retention date?
Answer:
Retain records for 3 years after the end of the fiscal year in which the specific individual no longer has any employment relationship with the University.
Restricted Information
"Restricted information" is UC's term for the most sensitive confidential information. Restricted information or data is any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage, transit, or deletion.
BFB IS-2
What is “PII”?
As used in US privacy law and information security, personally identifiable information (“PII”) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. For legal purposes, the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.
Other Types of Restricted Information
• Personally Identifiable Information (PII)
• Protected health information (PHI) protected by Federal HIPAA legislation
• Credit card data regulated by the Payment Card Industry (PCI)
• Passwords providing access to restricted data or resources
• Court-ordered settlement agreements requiring non-disclosure
• Information specifically identified by contract as restricted
• Other information for which the degree of adverse effect that may result from unauthorized access or disclosure is high.
Do you have restricted information in your department?
Guidelines for Dealing with Restricted Information
IS-3, Appendix B
• Restricted information should not be collected or stored unless absolutely necessary.
• Access to restricted resources should be authorized only as needed to perform assigned duties.
• Ensure training for all individuals who have been granted access to restricted resources.
• Delete or redact restricted information when there is no longer a business need for its retention.
• When deleting restricted information, ensure record contents are rendered irretrievable by shredding or other means.
When destroying restricted information, don't forget about email attachments, screenshots, old or previous versions of files, drafts, archives, copies, backups, CDs/DVDs, old floppies, etc.
Examples of Other Types of Confidential Information
• Home address or home telephone number
• Personal information protected by anti-discrimination and information privacy laws such as:
  • Ethnicity or Gender
  • Date of birth
  • Citizenship
  • Marital Status
  • Religion or Sexual orientation
• Certain types of student records
• Exams, answer keys, and grade books
• Applicant information in a pending recruitment
• Information subject to a non-disclosure agreement, including research data, intellectual property (IP), patent information and other proprietary data
• Academic evaluations and letters of recommendation
• Some kinds of personnel actions
• "Pre-decisional" budget projections for a campus department (can also be marked "Draft" or "Not for Distribution")