Use of Instant Messaging & Other Transitory Communication Technologies
CSUB Information Security Policy
Date in Effect: November 2009
Policy Title: Use of Instant Messaging & Other Transitory Communication Technologies
Reference: CSU System-Wide Information Security Policy, 11.4 - Information System Logs
Instant Messaging and other types of communication technologies shall not be used for communicating messages that would constitute official business records of the University, nor shall these types of technologies be used for transmitting Level 1* confidential data, as defined by the University Information Security Policy.
- Confidential Information (Level I)
The following are considered Level I confidential information based on the significance of this information for the prevention of identity theft. Furthermore, as per the California Security Breach Information Act (SB 1386), any breach in the following information of any California resident that is unencrypted must be notified accordingly. SB 1386 defines a breach as "unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information."
- Social Security Number paired with last and first name or first initial
- Drivers license number or California identification card number paired with last and first name or first initial
- Bank account number or credit card number paired with last and first name or first initial
- Confidential Information (Level II)
The following Level II information should be "guarded" from access to unauthorized persons. This information is considered personal information and is regulated by various federal laws as well as CSU policy. Though this information does not require notification of breach, certain fines may apply if this information is mishandled. The guiding laws and policies for Level I information include FERPA, HIPPA, the Information Practices Act of 1977, California Public Record Act, and CSU policy HR 2003-05. All faculty and staff given access to the following information must complete and sign the CSUB Confidentiality Access and Compliance form. Student assistants given access to the following information must complete and sign the Banner Confidentiality Agreement.
- Any information in students' educational records that is not listed as non-confidential information.
Faculty and Staff
- Home Address
- Physical Description
- Home telephone number
- Medical history
- Performance evaluations
- ID card picture