Why is it important to identify the data I use?
In order to determine the potential impact of the reported compromise of your workstation, we need to better understand how the workstation is used and what data is handled as part of University business.
The campus has adopted a data classification standard to assist in measuring the business impact of breaches. Data classified as UC P4 results in the highest impact, and includes data elements such as:
- Social security number
- Driver's license number, California identification number
- Financial account numbers, credit or debit card numbers and financial account security codes, access codes, or passwords
- Personal medical information
- Personal health insurance information
- Unencrypted (plain-text) passwords
- Regulated research data
Questionnaire
Referring to the data elements above, consider any business use of your workstation involving data classified as UC P4, or “protected data” not including your personal/family information.
Please answer the following questions (Yes/No/Not sure) and send us your responses, either through the supplied Incident ticket or directly to security@berkeley.edu:
- While performing your normal duties, do you access protected data (UC P4) from the workstation for University business, including access to the data through central campus applications/services (ImageNow, PeopleSoft, HCM, Payroll/PPS, BFS, etc)?
- Do you suspect there are University (non-personal) documents containing protected data stored on the workstation?
- Are there file shares (also known as network drives or mapped drives) mounted on your workstation with stored protected data, whether or not you work with those files?
- Do you use accounts on this workstation that have privileged [administrator, superuser, database owner (dbo)] access to other systems with protected data?
- Do you store any usernames and passwords in plain-text (not encrypted) on the workstation?
- Do you work with Research data regulated by Campus Institutional Review Boards (IRB), California Committee for the Protection Human Subjects(CPHS), or subject to other Data Access Agreements?
If you answered “Yes” or “Not Sure” to any of the questions above, please provide additional details on your data usage. If there is a department head/manager who can help us understand your department’s data usage, please provide their contact information.
Please consult with IT Client Services, your local IT support contact, or email security@berkeley.edu if you are unsure how to answer these questions.