Most of us use technology to buy, communicate, share, create, research, record--and, we hope, not see our private information get stolen along the way, despite attacks like the recent Anthem breach. At UC Davis, Chief Information Security Officer Cheryl Washington and Privacy Officer Lynette Temple work to keep campus information secure. In this short Q&A written for Data Privacy Month, they answer a few questions about information security at UC Davis, and offer advice on what you can do to help keep your data private.
It's winter 2015. What is the top current issue in privacy at UC Davis?
Cheryl: Raising awareness.
Lynette: I agree. Since most data security breaches are the result of human error, it's important that faculty, students and staff know the best practices for using technology, and for protecting personal or other confidential information.
Training can provide that knowledge, but generating interest in training is challenging because people often feel they don't have time for it, or think they already know enough. But even if you know how to spot phishing, to name just one kind of fraud, you still need to keep current.
Cheryl's unit has purchased security-training modules called SANS Securing the Human. They're very brief--approximately 3 to 5 minutes each--on specific topics related to privacy and security protections. UC Davis faculty and staff can watch them for free. The videos get updated routinely. They're very useful.
Lynette, you're the campus privacy officer, and Cheryl, you're the chief information security officer. Where do your responsibilities overlap?
Lynette: We both know about the laws that relate to the privacy and protection of information, such as the California Information Practices Act and the Family Educational Rights and Privacy Act, and the Health Insurance Portability and Accountability Act, and so in each of our areas we work to protect information as required by those laws.
We also work within the culture of the institution, to address the balance of interests involved when there are questions about accessing data maintained by the university. Cheryl and I work collaboratively to address campus needs that relate to privacy and security of information.
Cheryl: The important part is how we plan to work together to support the security and privacy needs of the campus community. Privacy and security are complex topics, and the landscape is changing.
Many people seem to have given up on the idea that they can keep their information absolutely private, or their data absolutely secure. Should they give up?
Cheryl: No. It is difficult to control who has access to your information and how that data is used. Nevertheless, as individuals we have a responsibility to do whatever we can to protect our personal information.
Lynette: People should not give up. They should educate themselves on the ways to best protect their personal information. When in doubt, ask questions before clicking on any "accept" button.
What level of privacy and security can people reasonably expect?
Cheryl: There is not a simple answer. At a minimum, we should expect those who have our personal information to exercise due care to protect it. And we should expect that our data will be used only for the purposes described when we disclosed it.
Lynette: I agree, and I know that Cheryl's team works hard from the security standpoint to ensure that systems used to store data here on campus are well protected.
What's your best advice to faculty, students and staff on how to keep their private information secure?
Cheryl: Be select as to who you share your data with, and take advantage of encryption.
Lynette: Take the SANS Securing the Human training modules, to get helpful tips that you might not have thought about.
If people want to learn more about privacy or security, what's a good resource?
Cheryl: Lynette and I are good resources. If we do not have the answer, we will find it. We are preparing a new website that will help answer many of the questions our faculty, students, and staff have about privacy and security.
Lynette: For now, during UC Davis Privacy month in February, we have this Privacy Month website. To learn more about the privacy practices and principles at UC, see the Privacy principles and practices at UC website.