
Summary

...

LBNL is serious about protecting your private information. While most of our work is open and publishable, there are categories of operational and research information which must be protected according to Federal and State Law, as well as our own good judgment.

...

This website provides links to resources with information about implementation of Privacy protections at LBNL.

If you have any questions about protecting private information, contact [email protected].

What is Protected Information?

Protected Information includes Personally Identifiable Information (PII) and Personal Health Information (PHI). Berkeley Lab defines the following data, alone or in combination, as Protected Information:

  • Social security numbers
  • Financial account information
  • Driver's license numbers
  • California state ID number
  • Health information with personal identifiers, for example:
    • Name plus insurance number
    • Employee ID plus treatment information
    • Any unique ID plus any medical information

If you are concerned about information security, take our online training. Then work with your line management and any necessary subject matter experts to take appropriate steps to secure the information under your control. If you need additional assistance or guidance, please contact [email protected]

DANGER:

Social Security Number, Driver's License #, CA State ID #, Financial Account Number

Baseline Responsibilities

You may not collect and store Protected Information at LBNL, including Social Security Numbers, Personally Identifiable Health Information, Driver's License Numbers, or Financial Account Numbers, without prior authorization from the Computer Protection Program. When approved, this information may only be stored in Institutional Business Systems at LBNL, Health information

Why do we care so much about privacy?

A loss of Protected Information not only affects people’s privacy, but could hurt LBNL’s reputation and probably affect our open computing environment.

This also means that our employees are our first line of defense. Always ask yourself - do we really need to use Protected Information? Could something else, like employee ID, work just as well?

How can you help us?

Help us by making sure our Protected Information Requirements are met. Note:

  • Use of Protected Information must be approved.
  • Protected Information may only be stored in Institutional Business Systems (HRIS, FMS, etc.)

...


    • Note: eroom, email, gdocs,

...

    • calendar

...

If there is a business need to store this information outside of the business systems, a security plan must be created and approved by your line management and by the computer protection program manager.

Your local workstation may not store collections of any of the above kinds of information. Your local workstation may process transient instances (not collections) of protected information, but you must take steps to ensure that the information is deleted in a timely manner. You must also ensure that your workstation does not contain multiple instances of this kind of information.

Paper collections and instances of PII must be protected and managed. Generally, paper instances should be minimized and paper collections should be protected with physical access measures. Paper instances and collections should be destroyed by shredding when they are no longer needed to support the work of the Laboratory or meet archiving requirements.

If you identify a business process that results in the collection of Protected Information outside of the business systems, please report it to [email protected]

It is your responsibility to ensure that appropriate controls are placed on all information collection at LBNL. Security is a line management responsibility.

Any suspected or known breach of PII (paper or electronic) must be immediately reported to the SB1386 Officer for LBL [email protected]

LINKS:

Important: SB1386 and HIPAA Information Defined

...

HIPAA:
Health Insurance Portability and Accountability Act

...

Personally Identifiable Information (PII) & SB 1386

...

Contacts:
SB 1386 Reporting Officer
UCB Resources SB 1386
Current Reportable SB 1386 Disclosures:
(none)

...

Your Responsibilities

...

Resources:

...

    • are NOT Institutional Business Systems.
  • Protected Information is prohibited on workstations.
  • Contact [email protected] if you need help or suspect our requirements aren't being met.
  • Immediately report any suspected or known loss of Protected Information to [email protected]

For approved business cases, our requirements cover: