Protecting Electronic Restricted Data
CONTENTS:
Everyone is responsible for the appropriate protection of restricted data under their jurisdiction or control.
General practices for the management and protection of electronic restricted data are available below. Online computer security training is also available.
If there is any question about whether restricted data is being adequately protected, a review by UCSC IT Security or UCSC Internal Audit staff should be requested.
Practices for Protecting P3-P4 Data:
Practices for Protecting Electronic P3-P4 DataGeneral information and guidance to help protect UCSC's electronic P3-P4 data and reduce the risk of unauthorized access or disclosure.
Specific Responsibilities:
- Everyone is responsible for the appropriate protection of restricted data under their jurisdiction or control.
- System Stewards are responsible for identifying restricted data under their purview and communicating this information, along with associated information about appropriate access and use, degree of sensitivity, criticality, and risk tolerance, to Management and Service Providers.
- Service Providers are responsible for understanding the above information from System Stewards and for ensuring the appropriate protection of restricted data on systems under their control, including any downloading of such information or temporary storage on other systems.
- Management is responsible for understanding the above information from System Stewards and for ensuring that individuals have appropriate authorization and user and security training prior to accessing restricted data.
Getting Help:
Contact the ITS Support Center with questions or for additional information about any of the above sets of practices: slughub.ucsc.edu, help@ucsc.edu, 459-HELP (4357).
Additional Resources:
- The IT Security website
- Practices for Protecting Electronic P3-P4 Data
- Personally Identifiable Information (PII) Resources
Rev. Oct 2015