Security Breach Notifications (SB 1386 Compliance)
The University’s practice is to disclose any breach of system security to all affected individuals (not only California residents as required by law) whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
All individuals (student, faculty, staff, consultant, contractor or any other individual) with access to confidential information are responsible for immediately reporting a security breach. See Section E, Appendix D, Responsible Use Policy Implementation Practices for procedures and definition of personal information.
If it has been determined that unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person due to a security breach, the campus Information Security Officer will work with the department to develop an appropriate notification to the affected individuals based on each specific situation.