Top Info
Summary, Keywords, and Notes |
|---|
LBNL takes seriously the responsibility to appropriately protect the private information we are entrusted with. While most of our work is open and publishable, there are categories of operational and research information which must be protected according to Federal and State Law, as well as our own good judgment. |
NEW: 2008-2009 PII Training <-- Click here
If you are concerned about information security, because you process personally identifiable information (names or other identifiers matched with social security numbers, or account numbers), personal health information (names or other identifiers matched with health data), or other LBNL protected information, your best resource is to take the online training linked below. Then work with your line management and any necessary subject matter experts to take appropriate steps to secure the information under your control. If you need additional assistance or guidance, please contact [email protected]
DANGER:
Social Security Number, Driver's License #, Financial Account Number
Baseline Responsibilities
You may not collect and store Protected Informationat LBNL to include Social Security Numbers, Personally Identifiable Heatlh Information, Driver's License Numbers, or Financial Account Numbers without prior authorization from the Computer Protection Program. When approved, this information may only be stored in Institutional Business Systems at LBNL (HRIS, FMS, etc).
Note: eroom, email, and calendar and other non-business systems are not acceptable means for transmitting, sharing, or storing this information.
If there is a business need to store this information outside of the business systems, a security plan must be created and approved by your line management and by the computer protection program manager.
Your local workstation may not store collections of any of the above kinds of information. Your local workstation may process transient instances (not collections) of protected information, but you must take steps to ensure that the information is deleted in a timely manner. You must also ensure that your workstation does not contain multiple instances of this kind of information.
Paper collections and instances of PII must be protected and managed. Generally, paper instances should be minimized and paper collections should be protected with physical access measures. Paper instances and collections should be destroyed by shredding when they are no longer needed to support the work of the Laboratory or meet archiving requirements.
If you identify a business process that results in the collection of Protected Information outside of the business systems, please report it to [email protected]
It is your responsibility to ensure that appropriate controls are placed on all information collection at LBNL. Security is a line management responsibility.
Any suspected or known breach of PII (paper or electronic) must be immediately reported to the SB1386 Officer for LBL [email protected]
