Electronic Media & Portable Devices
CSUB Information Security Policy
Date in Effect: November 2009
Policy Title: Electronic Media & Portable Devices
Reference(s): CSU Information Security Policy, 11.3 - Mobile Devices &
CSU System-Wide Information Security Standards, 12.4 - Data Storage
Electronic media such as CD's, DVD's, Flash Drives, etc. shall not be used for the storage or transport of Level 1* confidential data, as defined by the CSUB Information Security Policy, unless the data are encrypted or biometric security is employed at the device level.
The use of portable devices such as laptops, PDA's, cell phones, etc. shall not be used for the storage or transport of Level 1* data unless the data are encrypted. The University Information Security Officer may, on a case-by-case basis, approve an alternative to encryption of data as a means to protect information assets. Such approval shall be made in writing.
- Confidential Information (Level I)
The following are considered Level I confidential information based on the significance of this information for the prevention of identity theft. Furthermore, as per the California Security Breach Information Act (SB 1386), any breach in the following information of any California resident that is unencrypted must be notified accordingly. SB 1386 defines a breach as "unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information."
- Social Security Number paired with last and first name or first initial
- Drivers license number or California identification card number paired with last and first name or first initial
- Bank account number or credit card number paired with last and first name or first initial
- Confidential Information (Level II)
The following Level II information should be "guarded" from access to unauthorized persons. This information is considered personal information and is regulated by various federal laws as well as CSU policy. Though this information does not require notification of breach, certain fines may apply if this information is mishandled. The guiding laws and policies for Level I information include FERPA, HIPPA, the Information Practices Act of 1977, California Public Record Act, and CSU policy HR 2003-05. All faculty and staff given access to the following information must complete and sign the CSUB Confidentiality Access and Compliance form. Student assistants given access to the following information must complete and sign the Banner Confidentiality Agreement.
- Any information in students' educational records that is not listed as non-confidential information.
Faculty and Staff
- Home Address
- Physical Description
- Home telephone number
- Medical history
- Performance evaluations
- ID card picture