University of Rochester

New York State Information Security Breach Notification Act

Due to increasing numbers of identity theft crimes, New York State enacted an Information Security Breach Notification Act, which became effective December 2005. This law requires notification to any individual residing in NY State whose private information has been breached. Private information is defined under the law as personal information that consists of Social Security number; driver's license number or non-driver identification card; or account number, credit or debit card number (in combination with password or access code). Private information does not include information publicly available from federal, state or local government records. A breach of private information can occur when someone successfully hacks into a database, or through the loss or theft of a computer, laptop, personal digital assistant (such as a Blackberry or Palm Pilot), or other device that contains private information.

The best way to lessen the likelihood of having private information lost or stolen is to minimize copying this type of private information to your local system, and especially to portable devices, which can be misplaced or stolen easily. If you must store private information, always be sure that it is encrypted. Contact your information systems support staff if you need assistance.

If you become aware that any system containing this data has been hacked, call your information systems support staff (ISD Help Desk, etc.). If you experience a loss or theft of a device that contains private information, please notify your site's facility security staff (University Security Services, HH Public Safety, Law Enforcement). Because notification is required to each individual whose private information has been lost or stolen, you will be asked to provide the names and other identifying information of anyone whose information was on your device. In addition, it is necessary to contact your Privacy Officer and HIPAA Security Official, who will help to determine the need to notify affected individuals. (Refer to HIPAA OS7 Incident Response.)

To report any loss to University Security, please call x5-3333.

Departments located off site can use the Satellite Info Breach Report Form (pdf download) to report the loss to University Security.

 



Maintained by University Security Services
URL: http://www.security.rochester.edu