8025.0 - Privacy of Personal Information Supplemental Policy

8025.300 Access to Personal Information

The University’s Information Security Office is responsible for integrating existing federal and state privacy laws with University policies in an overall effort to protect personal information (e.g. social security number, home address, date of birth, etc.). This office is managed by the campus Information Security Officer.

Members of the CSU East Bay community are reminded that personal information (e.g. social security number, home address, date of birth, etc.) regarding students, faculty, staff or other members of the University community is protected by several federal and state laws including the Gramm-Leach-Bliley (G-L-B) Act for the safeguarding of non-public personal information, the California Information Practices Act (IPA) for the protection of personal information generally, the Family Educational Rights and Privacy Act (FERPA) for the protection of information contained in student records, and the Health Insurance Portability and Accountability Act (HIPAA) for the management of patient’s personal and health information. 

Process for releasing personal information 

Information about individuals must be released in accordance with University procedures and protocols which include but are not limited to the following:

• Any member of the campus community who is contacted by individuals who identify themselves as law enforcement officers or otherwise request information for law enforcement purposes shall direct the requestor to the University Police Department. The Police Chief or designee will evaluate the request and determine next steps, if any. If the requestor is in possession of a subpoena and/or a court order, the requestor shall be directed to the Information Security Officer.
• Any member of the campus community who suspects that someone has gained unauthorized access to a computing system that contains or has network access to unencrypted protected data should contact the IT Service Desk at 510-885-4357, or 'servicedesk@csueastbay.edu'. The IT Service Desk will forward any reports to Information Security Officer (ISO) and Chief Information Officer (CIO).
• Any member of the campus community who inadvertently discloses personal information (e.g. social security number, home address, date of birth, etc.) to an unauthorized person or entity should immediately contact the IT Service Desk at 510-885-4357, or 'servicedesk@csueastbay.edu'. The IT Service Desk will forward any reports to Informaiton Security Officer (ISO) and Chief Information Officer (CIO).

The California Information Practices Act requires that owners of computerized data must give notice of any security breach to affected persons in the most expedient time possible and without reasonable delay. We ask that you contact the IT Service Desk at 510-885-4357, or 'servicedesk@csueastbay.edu' if you suspect a security breach has occurred in your area.