INFORMATION SERVICES DEPARTMENT
Title: Reporting a Lost or Stolen Computer or Electronic Storage Device
Washington State Senate Bill 6043, effective 7/24/05, and RCW 19.255.010 regulates the maintenance and dissemination of personal information by state agencies, and requires each agency to keep an accurate account of disclosures of personal information. Other Federal and State laws and regulations also govern the handling, storage, and dissemination of confidential information. To this end, ITS must be made immediately aware if any information is lost or stolen.
This procedure applies to users of campus desktop computers, laptops, and electronic storage devices, as well as to owners of desktop computers, laptops, and storage devices that contain University data, including personal, confidential and/or proprietary information. This procedure outlines the steps users must take to ensure the campus complies with all laws and regulations regarding personal and confidential information when desktop or laptop computers and electronic storage devices are lost or stolen.
Personal Information under RCW 19.255.010 is defined as an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: Social security number; Driver's license number or Washington identification card number; or Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Confidential Information includes all information listed above as well as financial records (FERPA); medical records (HIPAA); physical description; home address; home phone number; education; grades; ethnicity; gender; employment history; performance evaluations; disciplinary action plans; etc. Confidential information must be interpreted in combination with all information contained on the computer to determine whether a violation has occurred.
Proprietary Information is information that an individual or entity possesses, owns, or holds exclusive rights to. Examples include: white papers; research papers; business continuity and other business operating plans; e-mail messages; vitae; letters; confidential business documents; participants of an organization, class or group; detailed building drawings; network architecture diagrams; etc. Proprietary information, if lost or stolen, could compromise, disclose, or interrupt operations or embarrass the individual or the university.