Information Technology Services - Telephone Directory

October 31, 2007

Dear <addressed to a single campus employee who was affected>:

I am writing to inform you of a situation that directly affects you. On October 30, we were notified that your Social Security number was visible in Cal Poly’s online PDF telephone directory. We took immediate steps to remove your Social Security number from the directory and determined that this problem was caused by a data entry error on October 3, 2007.

We consider any incident in which an individual’s social security number is publicly accessible to be a serious matter and are sending you this information consistent with California Civil Code 1798.29. While we cannot advise you on how to proceed, one option you have is to contact one of the credit reporting agencies, each of which has an automated phone-in fraud alert process. To understand the effects of a fraud alert, please visit this Fact Sheet on Credit Freeze and Fraud Alerts.

Contact information for the credit agencies is listed below:

• Equifax 800.525.6285 http://www.equifax.com/
• Experian 888.397.3742 http://www.experian.com/
• Trans Union 800.680.7289 http://www.transunion.com/

Once you receive your credit reports, review them for any suspicious activity. If you see any accounts you did not open or incorrect personal information, call the credit bureau(s) or your local law enforcement agency (e.g., city police department) to file a report of identity theft. The following resources can provide additional information about identity theft:

• California Attorney General's Office – http://oag.ca.gov/idtheft/facts/top-ten
• The Federal Trade Commission – http://www.consumer.gov/idtheft
• California Office of Privacy Protection
• • http://privacy.ca.gov/cover/identitytheft.htm
  • http://privacy.ca.gov/cover/consumerinfo.htm

Information Technology Services (ITS) and Cal Poly take the security of personal data seriously. Steps have been taken to guard against future data entry errors. In addition, ITS is supporting Cal Poly’s move away from using Social Security numbers to identify individuals and will completely remove the use of Social Security numbers in our telephone billing system by January 2008.

We regret any inconvenience this situation may cause you. Should you have any questions about this event, you may contact me at tkearns@calpoly.edu or Vicki Stover, Campus Information Security Officer, at vstover@calpoly.edu.

Sincerely,

Tim Kearns, Chief Information Officer
Information Technology Services