INFORMATION TECHNOLOGY COMMITTEE MEETING NOTES
May 14, 2003
I. Welcome and Introductions
§ Members Present: Larry Merkley, Mark Cianca, Bob White, Phillip Stark, Bill Hyder, Peter Bergstrom, Charlie McDowell, Kathleen Dettman
§ Guests Present: Chuck Piotrowski, Janine Roeth, Steve Hauskins, Tad Reynales, Davi Ottenheimer,
§ Staff Present: Max Ritchie, Fana O’Halloran
II. SB 1386 Implementation/Campus Network Security – Janine Roeth
Larry recently sent a memo to the campus
informing principal officers, unit heads and department chairs about the new UCSC guidelines and
implementation procedures for management of computerized personal identity
information. An inventory assessment is also
being collected. UCSC procedures are
still in draft form.
Janine led the group through a slide
show, and provided more detailed background information on
SB 1386, the new part of the California Information Practices Act, which goes
into effect July 1, 2003. The resources are listed below:
Personal
Identity Information or "PII” - defined
It was suggested that there should be an independent person, who has no connection to any particular system, to report security breaches to. It was also noted that instances of PII across campus should be limited, and when possible, encrypted.
ITC members were encouraged to communicate additional comments and suggestions via email.
The group also discussed the Network Security Audit. Janine asked for suggestions for how to prepare for the Audit Committee between now and September. It was suggested that a management plan be developed to deal with specific elements of the audit. The idea of a campus security forum, where security issues could be discussed by a larger group of constituents was also broached. Finally, it was suggested that CATS offer services to mitigate risks, such as firewalls. Pat LeCuyer will draft a management plan that will be brought to ITC at a later date.
V. Next Meeting: May 28, 2003, 1:30-3:30, 325 McHenry Library