Privacy Best Practices

  • Apply privacy principles to everyday work.
  • Determine whether information is necessary and relevant to document/process.  If you do not “need” the information for a specific purpose, don’t collect it!
  • Adopt “clean desk” practices: secure documents in locked cabinets, lock computer when unattended – even temporarily.
  • Do not include Restricted Information on payment documents (post travel, direct pay, etc.)
  • Use last four digits only when requesting SSN to confirm identity.
  • Inform vendors SSN is not required on invoices.
  • Require UCSB Net ID access to databases containing personal and restricted information.
  • If electronic systems are unsecure, use encrypted data and do not use unsecure email to transmit.
  • Do not scan documents containing restricted information on an unsecure scanner.
  • Do not store documents containing restricted information if not “Office of Record.”
  • Follow the University of California Records Retention Policies and Schedule.
  • Ensure personal information is removed form computers, hard drives, USB devices, etc. prior to equipment reuse/disposal.
  • Report suspected information security breach immediately to supervisor, Information Practices, and ITS (hard copy and electronic)
  • Avoid “shoulder surfers.”