Destroying Confidential and Restricted Information

Presentation #3
Destroying Confidential
and Restricted Information
This presentation defines confidential and restricted information
and gives examples of data that should be destroyed.
Stay Tuned!
This is the THIRD in a series of
presentations to help departments
prepare for campus clean-up day.
February 20th Collection Locations
We will have four collection areas on campus. The shredding
trucks will visit each of these locations as follows:
• The onsite shredding truck will be stationed from 9:00-3:00 in
Parking Lot 15 (near Cheadle Hall and North Hall.)
• The other shredding truck will rove around to the pick-up
locations stationed around campus. The schedule for the
roving truck is:
o 9:00 - 11:00: Parking Lot 11 (near Chemistry and Physical
Sciences buildings)
o 11:00 – 1:00: Noble Hall Service Lot
o 1:00 – 3:00: Thunderdome (East Service Area)
Shredding onsite
Shredding collected
Shredding collected
Shredding collected
How do I get started?
the records you have
• Records in shared drives should have
names that help identify what they are.
• There may be a list of files for your file
cabinets and boxes.
• CDs and flash drives likely have labels.
Determining the people who use the
documents can help you identify what the
records are and whether they are still in use.
the UC Record
Retention Schedule
The Retention Schedule can be found at:
If you are unsure how to use the retention
schedule, you can watch a taped webinar:
whether the records
can be destroyed
The retention period has
lapsed, and no one uses
the records…
Destroy or delete the
records. Shred sensitive,
confidential, or restricted
paper records.
The retention period has
lapsed, but people still
use the records…
Contact UCSB Record
Manager Tessa Mendez
about your situation.
The retention period has
lapsed, but they are part
of an ongoing litigation,
investigation, PRA
request, or audit…
Keep the records.
Remember- You should NOT
destroy a record if there is:
A public records act request;
Pending, foreseeable, or ongoing litigation;
An investigation; or
An ongoing audit pertaining to the records is taking place.
This is called a “records freeze.” The records cannot be destroyed under
the Record Retention Schedule until these actions have been
completed or resolved.
Methods of disposal need to take into account the subject
matter or contents of the records. Records containing
information if used inappropriately could adversely affect
the university, its partners, or the public must not be
disposed of casually. Instead such records must be
destroyed so that they cannot practicably be
RMP 2, Appendix B
Intermingled Records
In some cases, records
requiring destruction may be
intermingled with disposable
records to such an extent
that it is more cost-effective
to destroy an entire group of
records, rather than picking
out just those for which
destruction is required.
RMP 2, Appendix B
What information must be destroyed?
The next slides will address:
• Confidential information,
• Restricted information,
• Personally identifiable information,
• Personal information,
• Protected health information.
Records containing these types of
information must be destroyed when the
retention period has lapsed.
Confidential Information
Confidential Information:
The term “confidential information” applies broadly to information
for which unauthorized access or disclosure could result in an
adverse effect. To address this risk, some degree of protection or
access restriction is warranted.
Appendix B
Restricted Information
Restricted Information:
"Restricted information" is UC's term for the most sensitive
confidential information. Restricted information or data is any
confidential or personal information that is protected by law or policy
and that requires the highest level of access control and security
protection, whether in storage, transit, or deletion.
Examples of Restricted Information
• Personally Identifiable Information (PII)
• Protected health information (PHI) protected
by Federal HIPAA legislation
• Credit card data regulated by the Payment
Card Industry (PCI)
• Passwords providing access to restricted data
or resources
• Court-ordered settlement agreements
requiring non-disclosure
• Information specifically identified by contract
as restricted
• Other information for which the degree of
adverse affect that may result from
unauthorized access or disclosure is high.
Do you have
restricted information
in your department?
Guidelines for Dealing with
Restricted Information
IS-3, Appendix B
• Restricted information should not be collected or
stored unless absolutely necessary.
• Access to restricted resources should be
authorized only as needed to perform assigned
When destroying restricted
information, don't forget about
email attachments, screenshots,
old or previous versions of files,
drafts, archives, copies, backups,
CDs/DVDs, old floppies, etc.
• Ensure training for all individuals who have been
granted access to restricted resources.
• Delete or redact restricted information when there
is no longer a business need for its retention.
When deleting restricted information, ensure
record contents are rendered irretrievable by
shredding or other means.
What is “PII”?
As used in US privacy law and information
security, personally identifiable information
(“Pll”) is information that can be used on its own
or with other information to identify, contact, or
locate a single person, or to identify an
individual in context. For legal purposes, the
effective definitions vary on the jurisdiction and
the purposes for which the term is being used.
What is personal information?
A term similar to Pll, "personal information" is specifically defined, in a section
of the California data breach notification law, S81386:[14]. Here, "personal
information" means an individual's first name or first initial and last name in
combination with any one or more of the following data elements, when either
the name or the data elements are not encrypted:
• Social security number.
• Driver's license number or California ldentification Card number.
• Account number, credit or debit card number, in combination with any
required security code, access code, or password that would permit access
to an individual's financial account.
The definition does not include publicly available information that is lawfully
made available to the general public from federal, state, or local government
What is “PHI”?
Protected health information, or “PHI”, is any
information about health status, provision of
health care, or payment for health care that can
be linked to a specific individual. This may be
interpreted broadly to include any part of a
patient's medical record or payment history.
What is “FERPA”?
The Family Educational Rights and Privacy Act
of 1974, is a federal law regarding the privacy of
student records and the obligations of the
University, primarily in the areas of release of
the records and the access provided to these
records. At UCSB, the Registrar is the
authoritative office for FERPA information. Refer
to the Registrar's website for information about
privacy requirements for student records, as
well as related resources:
Examples of Other Types of Confidential Information
That Should Be Destroyed
• Home address or home telephone number
• Personal information protected by anti-discrimination and
information privacy laws such as:
• Ethnicity or Gender
• Date of birth
• Citizenship
• Marital Status
• Religion or Sexual orientation
• Certain types of student records
• Exams, answer keys, and grade books
• Applicant information in a pending recruitment
• Information subject to a non-disclosure agreement, including
research data, intellectual property (IP), patent information and
other proprietary data
• Academic evaluations and letters of recommendation
• Some kinds of personnel actions
• "Pre-decisional" budget projections for a campus department (can
also be marked "Draft" or "Not for Distribution")

similar documents