The UCIT Office of Information Security (UCIT OIS) is responsible for the protection of data items that UC collects and has on file about you. For more detailed information on how we work to protect and safeguard your information, please go to About UCIT OIS. The sections below describe laws relating to the protection of data:

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Prevents the unauthorized release of personal records. | UCIT OIS provides guidance on how to secure personally identifiable information (PII). In addition, UCIT OIS responds to and investigates potential privacy violations at the university. | |
| | Protects wire, oral, and electronic communications when being made, in transit, or stored on computers. | UCIT OIS provides guidance to secure wire, oral, and electronic communications. In some instances UCIT OIS is responsible for verifying compliance. | |
| | Enables increased federal prosecution of identity theft crimes and restitution to victims of identity theft. | UCIT OIS responds to and investigates identity theft cases and cooperates with local and federal law enforcement on them. | |
| | Requires the university to provide students with access to their education records, an opportunity to have the records amended, and some control over the disclosure of information from the records. | UCIT OIS supports the Office of the Registrar on FERPA compliance matters as deemed necessary. | |
| | Requires state agencies to adopt new rules for governing access to confidential personal information. | UCIT OIS provides guidance on how to secure personally identifiable information (PII). In addition, UCIT OIS responds to and investigates potential privacy violations. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Regulates how information is shared with regard to financial institutions. | UCIT OIS supports the Division of Administration and Finance (A&F) in achieving GLBA compliance. UCIT OIS also provides general guidance on internal controls over financial data and transactions. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Red Flag requires university units to develop policies and procedures when they receive a notice of address discrepancy from a consumer-reporting agency. The regulation also requires the university to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. | UCIT OIS assists university units such as Finance and Financial Aid to develop compliant operational processes and Identity Theft Prevention Programs. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Requires the university to have a login banner on all university computers/servers to ensure a successful prosecution if fraud and related activity occur on a university computer. | UCIT OIS proactively monitors UC’s network for malicious activity. In addition, UCIT OIS partners with local and federal law enforcement on cyber incidents. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Intended to reduce hacking of computer systems. | UCIT OIS proactively monitors UC’s network for malicious activity. In addition, UCIT OIS partners with local and federal law enforcement on cyber incidents. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Improves the security and privacy of sensitive information in Federal computer systems and establishes minimum acceptable security practices for such systems. | UCIT OIS establishes policies, procedures, and standards for a unified security architecture. | |
| | The Office of Research advises if the university has contracts with federal agencies that require compliance with this act. | UCIT OIS assesses FISMA requirements in order to provide confidentiality, integrity, and availability. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Helps organizations proactively protect customer account data. | UCIT OIS supports the Office of the Treasury to assist with technical questions regarding PCI. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| Health Insurance Portability and Accountability Act (HIPAA) (Being reviewed) | Ensures the security and privacy of the patient's data. | UCIT OIS partners with UC Academic Health Center and other relevant areas of the university to establish and support a robust and sustainable HIPAA control framework. | |

| Law | How it applies to UC | UCIT OIS Responsibilities | Resources |
| --- | --- | --- | --- |
| | Provides liability protection concerning copyright infringement. | UCIT OIS is responsible for DMCA compliance at the university. | |
| | States measures to protect copyrighted works. | UCIT OIS partners with other university departments to interpret and enforce compliance with the law. | |