Your Information Security Responsibilities After Graduation
Overview
After graduating from UCSF, your UCSF e-mail and other accounts close six months following your official graduation date as described in E-mail and Other Accounts After Graduation. This page discusses your remaining responsibilities related to information security and security software.
You must:
If you are Continuing at UCSF, you do not need to follow these instructions except that you must destroy PHI you no longer need.
Destroy all PHI
Our common goal is to prevent data breaches.
What to do
All protected health information that you obtained while at UCSF must be destroyed—no exceptions.
Consider where you might have PHI, then destroy it.
Where is the PHI? |
How to destroy |
---|---|
|
|
|
You must take extra steps to ensure those data are destroyed. Deleting then emptying the recycle bin or trash is not enough. Details: see the section called Removed Securely. |
|
These must be securely destroyed, preferably by trusted data destruction professionals. See the section called Secure Destruction. |
Where to look for PHI
On your computer |
|
---|---|
On other devices |
|
In external services |
UCSF permits legally protected data in an external service only if UCSF has an appropriate legal agreement for it. As of October 3, 2016, these include only Box, CrashPlan, Qualtrics, and REDCap. PHI should not have been stored in any other external services, so this is a reminder to look for it there and if found to report a security incident. For example, unencrypted PHI found in a Gmail or Dropbox account must be reported. Unencrypted PHI found in your UCSF Box account and outside of your Box secure folder must be reported. |
Decrypt and uninstall UCSF IT software
Why?
- If your computer later encounters problems we don’t want UCSF’s security software to be a hurdle in resolution.
- If you join another organization that has similar security software, we don’t want UCSF’s security software to interfere.
- UCSF should no longer monitor whether your computer meets its security standards.
- It can free software licenses to be available to entering students.
- It makes some space available on your device for other data or applications.
Call the helpdesk
Because decrypting can sometimes cause your computer to fail unrecoverably and because some UCSF-provided security software is difficult to uninstall by design, you should call the IT Service Desk at 415-514-4100 for help. The Service Desk will assist you—even after you leave UCSF. The IT Service Desk can help you remove:
- BigFix Endpoint Manager
- Box Drive
- Box Edit
- CipherCloud for Box
- Dell Data Protection Encryption (DDPE)
- ForeScout Secure Connector NAC
- Pulse Secure VPN
- Ivanti Secure Access VPN
- Symantec Endpoint Protection (SEP)
You might have other unneeded software; review and uninstall as you see fit.
CrashPlan
If you have CrashPlan installed using the UCSF discount, you may continue using CrashPlan. When you renew, it will be at the undiscounted rate.
Install non-UCSF security software you need
If you are joining an organization that has its own security standards
Contact its information technology staff for steps you need to take to meet their security standards. If needed, refer them to our IT Service Desk.
If you are not joining an organization that has its own security standards
Install security solutions that meet your needs. For example:
-
An anti-virus anti-malware solution of your choice e.g. Microsoft Windows Defender for Windows
-
An encryption solution of your choice e.g. FileVault for Mac or BitLocker for Windows
Questions?
Call the IT Service Desk at 415-514-4100.
Related links
Go to: Info for Graduating Students