A University of California privacy and information security framework
In June of 2010, former UC President Mark Yudof convened the University of California Privacy and Information Security Steering Committee to perform a comprehensive review of the University’s current privacy and information security policy framework and to make recommendations about how the University should address near-term policy issues and longer-term governance issues related to privacy and information security.
The full Steering Committee report has now been posted, as is an executive summary. President Yudof’s response letter should also be read to get the full context.
I’m really, really proud of how this turned out, the result of many stellar people’s hard work. It’s particularly rewarding to see that implementation efforts are underway, with each campus designating a privacy official as a first step. (That would be me for UCLA, though my designation came before the report’s completion). Beyond UC, the definitional diagram may be the enduring part of this whole effort. (I have previously used a variant of this diagram that includes an additional label, IT security.)
(Just in, this op-ed by Tracy Mitrano in Inside Higher Ed: So Goes California.)
Comments are closed.
@KentWada
Kent Wada 
Just had a look at the final report (Jan ’13) and was wondering if its production was shaped by any specific security frameworks (like ISO27001)? Only asking out of curiosity; the end result is excellent.
We did examine a number of privacy frameworks during the development of the report, but did not do so explicitly in terms of security frameworks. There is a sentence in the report about an expected project to reexamine the University’s information security policies: that project is underway and currently is tracking ISO27001/2. Thanks for the compliment!