Presentation #3 12/11/2014 Destroying Confidential and Restricted Information This presentation defines confidential and restricted information and gives examples of data that should be destroyed. 1 Stay Tuned! This is the THIRD in a series of presentations to help departments prepare for campus clean-up day. 2 February 20th Collection Locations We will have four collection areas on campus. The shredding trucks will visit each of these locations as follows: • The onsite shredding truck will be stationed from 9:00-3:00 in Parking Lot 15 (near Cheadle Hall and North Hall.) • The other shredding truck will rove around to the pick-up locations stationed around campus. The schedule for the roving truck is: o 9:00 - 11:00: Parking Lot 11 (near Chemistry and Physical Sciences buildings) o 11:00 – 1:00: Noble Hall Service Lot o 1:00 – 3:00: Thunderdome (East Service Area) 3 Shredding onsite 9:00-3:00 Shredding collected Shredding collected 9:00-11:00 1:00-3:00 Shredding collected 11:00-1:00 4 How do I get started? 5 IDENTIFY the records you have • Records in shared drives should have names that help identify what they are. • There may be a list of files for your file cabinets and boxes. • CDs and flash drives likely have labels. Determining the people who use the documents can help you identify what the records are and whether they are still in use. 6 CHECK the UC Record Retention Schedule The Retention Schedule can be found at: http://recordsretention.ucop.edu/ If you are unsure how to use the retention schedule, you can watch a taped webinar: http://www.ucop.edu/information-technologyservices/initiatives/records-retentionmanagement/training-materials.html 7 DETERMINE whether the records can be destroyed The retention period has lapsed, and no one uses the records… Destroy or delete the records. Shred sensitive, confidential, or restricted paper records. The retention period has lapsed, but people still use the records… Contact UCSB Record Manager Tessa Mendez about your situation. The retention period has lapsed, but they are part of an ongoing litigation, investigation, PRA request, or audit… Keep the records. 8 Remember- You should NOT destroy a record if there is: • • • • A public records act request; Pending, foreseeable, or ongoing litigation; An investigation; or An ongoing audit pertaining to the records is taking place. FREEZE This is called a “records freeze.” The records cannot be destroyed under the Record Retention Schedule until these actions have been completed or resolved. 9 Methods of disposal need to take into account the subject matter or contents of the records. Records containing information if used inappropriately could adversely affect the university, its partners, or the public must not be disposed of casually. Instead such records must be destroyed so that they cannot practicably be reconstructed. RMP 2, Appendix B 10 Intermingled Records In some cases, records requiring destruction may be intermingled with disposable records to such an extent that it is more cost-effective to destroy an entire group of records, rather than picking out just those for which destruction is required. Appendix B RMP 2, Appendix B 11 What information must be destroyed? The next slides will address: • Confidential information, • Restricted information, • Personally identifiable information, • Personal information, • Protected health information. Records containing these types of information must be destroyed when the retention period has lapsed. 12 Confidential Information Confidential Information: The term “confidential information” applies broadly to information for which unauthorized access or disclosure could result in an adverse effect. To address this risk, some degree of protection or access restriction is warranted. BFB IS-2 Appendix B 13 Restricted Information Restricted Information: "Restricted information" is UC's term for the most sensitive confidential information. Restricted information or data is any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage, transit, or deletion. BFB IS-2 14 Examples of Restricted Information • Personally Identifiable Information (PII) • Protected health information (PHI) protected by Federal HIPAA legislation • Credit card data regulated by the Payment Card Industry (PCI) • Passwords providing access to restricted data or resources • Court-ordered settlement agreements requiring non-disclosure • Information specifically identified by contract as restricted • Other information for which the degree of adverse affect that may result from unauthorized access or disclosure is high. 15 Do you have restricted information in your department? Guidelines for Dealing with Restricted Information IS-3, Appendix B • Restricted information should not be collected or stored unless absolutely necessary. • Access to restricted resources should be authorized only as needed to perform assigned duties. When destroying restricted information, don't forget about email attachments, screenshots, old or previous versions of files, drafts, archives, copies, backups, CDs/DVDs, old floppies, etc. • Ensure training for all individuals who have been granted access to restricted resources. • Delete or redact restricted information when there is no longer a business need for its retention. • When deleting restricted information, ensure record contents are rendered irretrievable by shredding or other means. 16 What is “PII”? As used in US privacy law and information security, personally identifiable information (“Pll”) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. For legal purposes, the effective definitions vary on the jurisdiction and the purposes for which the term is being used. 17 What is personal information? A term similar to Pll, "personal information" is specifically defined, in a section of the California data breach notification law, S81386:[14]. Here, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: • Social security number. • Driver's license number or California ldentification Card number. • Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. The definition does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. 18 What is “PHI”? Protected health information, or “PHI”, is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This may be interpreted broadly to include any part of a patient's medical record or payment history. 19 What is “FERPA”? The Family Educational Rights and Privacy Act of 1974, is a federal law regarding the privacy of student records and the obligations of the University, primarily in the areas of release of the records and the access provided to these records. At UCSB, the Registrar is the authoritative office for FERPA information. Refer to the Registrar's website for information about privacy requirements for student records, as well as related resources: https://registrar.sa.ucsb.edu/recinfo.aspx 20 Examples of Other Types of Confidential Information That Should Be Destroyed • Home address or home telephone number • Personal information protected by anti-discrimination and information privacy laws such as: • Ethnicity or Gender • Date of birth • Citizenship • Marital Status • Religion or Sexual orientation • Certain types of student records • Exams, answer keys, and grade books • Applicant information in a pending recruitment • Information subject to a non-disclosure agreement, including research data, intellectual property (IP), patent information and other proprietary data • Academic evaluations and letters of recommendation • Some kinds of personnel actions • "Pre-decisional" budget projections for a campus department (can also be marked "Draft" or "Not for Distribution") 21