Your Information Security Responsibilities After Graduation
After graduating from UCSF, your UCSF e-mail and other accounts close six months following your official graduation date as described in E-mail and Other Accounts After Graduation. This page discusses your remaining responsibilities related to information security and security software.
If you are Continuing at UCSF, you do not need to follow these instructions except that you must destroy PHI you no longer need.
Our common goal is to prevent data breaches.
What to do
All protected health information that you obtained while at UCSF must be destroyed—no exceptions.
Consider where you might have PHI, then destroy it.
Where is the PHI?
How to destroy
You must take extra steps to ensure those data are destroyed. Deleting then emptying the recycle bin or trash is not enough.
Details: see the section called Removed Securely.
These must be securely destroyed, preferably by trusted data destruction professionals. See the section called Secure Destruction.
Where to look for PHI
On your computer
On other devices
In external services
UCSF permits legally protected data in an external service only if UCSF has an appropriate legal agreement for it. As of October 3, 2016, these include only Box, CrashPlan, Qualtrics, and REDCap.
PHI should not have been stored in any other external services, so this is a reminder to look for it there and if found to report a security incident. For example, unencrypted PHI found in a Gmail or Dropbox account must be reported. Unencrypted PHI found in your UCSF Box account and outside of your Box secure folder must be reported.
- If your computer later encounters problems we don’t want UCSF’s security software to be a hurdle in resolution.
- If you join another organization that has similar security software, we don’t want UCSF’s security software to interfere.
- UCSF should no longer monitor whether your computer meets its security standards.
- It can free software licenses to be available to entering students.
- It makes some space available on your device for other data or applications.
Call the helpdesk
Because decrypting can sometimes cause your computer to fail unrecoverably and because some UCSF-provided security software is difficult to uninstall by design, you should call the IT Service Desk at 415-514-4100 for help. The Service Desk will assist you—even after you leave UCSF. The IT Service Desk can help you remove:
- Box Sync
- Dell Data Protection Encryption (DDPE)
- ForeScout SecureConnector (also known as Secure Connector)
- IBM Endpoint Manager (also known as BigFix, BigFix Client, IBM BigFix, TriggerClientUI, and Tivoli Endpoint Manager)
- JAMF Software Self Service
- Juniper Networks Network Connect
- Junos Pulse
- Symantec Encryption Desktop (also known as PGP)
- Symantec Endpoint Protection (SEP), which includes Symantec SmallScanner
You might have other unneeded software; review and uninstall as you see fit.
If you have CrashPlan installed using the UCSF discount, you may continue using CrashPlan. When you renew, it will be at the undiscounted rate.
If you are joining an organization that has its own security standards
Contact its information technology staff for steps you need to take to meet their security standards. If needed, refer them to our IT Service Desk.
If you are not joining an organization that has its own security standards
Install security solutions that meet your needs. For example:
Microsoft Windows Defender for antivirus (Windows only)
an encryption solution of your choice
How do I know if this software is installed on my computer?
Method A: Open the Start Menu and select All Programs.
Method B: Open the Programs and Features control panel. In older versions of Windows, look for the Add/Remove Programs control panel instead.
Method A: Open your Applications folder.
Method B: Use Spotlight.
Call the IT Service Desk at 415-514-4100.
Go to: Info for Graduating Students