If you are concerned about information security, take our online training. Then work with your line management and any necessary subject matter experts to take appropriate steps to secure the information under your control. If you need additional assistance or guidance, please contact [email protected] | Warning |
|---|
DANGER: Social Security Number, Driver's License #, Financial Account Number |
Baseline Responsibilities You may not collect and store Protected Information at LBNL to include Social Security Numbers, Personally Identifiable Heatlh Information, Driver's License Numbers, or Financial Account Numbers without prior authorization from the Computer Protection Program. When approved, this information may only be stored in Institutional Business Systems at LBNL (HRIS, FMS, etc). Note: eroom, email, and calendar and other non-business systems are not acceptable means for transmitting, sharing, or storing this information. If there is a business need to store this information outside of the business systems, a security plan must be created and approved by your line management and by the computer protection program manager. Your local workstation may not store collections of any of the above kinds of information. Your local workstation may process transient instances (not collections) of protected information, but you must take steps to ensure that the information is deleted in a timely manner. You must also ensure that your workstation does not contain multiple instances of this kind of information. Paper collections and instances of PII must be protected and managed. Generally, paper instances should be minimized and paper collections should be protected with physical access measures. Paper instances and collections should be destroyed by shredding when they are no longer needed to support the work of the Laboratory or meet archiving requirements. If you identify a business process that results in the collection of Protected Information outside of the business systems, please report it to [email protected] It is your responsibility to ensure that appropriate controls are placed on all information collection at LBNL. Security is a line management responsibility. Any suspected or known breach of PII (paper or electronic) must be immediately reported to the SB1386 Officer for LBL [email protected] LINKS: Important: SB1386 and HiPAA Information Defined | 