Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 45 – Information Security

49020.9.1 High Risk Confidential Information

  • No High Risk Confidential Information (HRCI) shall be present on any computer resource, including workstations that are not under the CDCR (California Department of Corrections and Rehabilitation)’s direct control unless authorized on a case-by-case basis by the ISO (Information Security Officer) AISO and the owner of the information unless encrypted using a CDCR approved encryption standard. HRCI is defined as non-public information that if disclosed could result in a significant harm (including financial, legal, risk to life and safety or reputational damage) to the CDCR or individual(s) if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure. Examples of HRCI include, but are not limited to, information such as the following:

    • Personally identifiable information such as a person’s name in conjunction with the person’s social security, credit or debit card information, individual financial account, driver’s license number, state ID number, or passport number, or a name in conjunction with biometric information;

    • Personal health information such as any information about health status, provisions of health care, or payment for health care information as protected under the Health Insurance Portability and Accountability Act of 1996;

    • Correctional Offender Record Information as defined in California PC (Penal Code) §§ 13100-13104;

    • All IT (Information Technology) infrastructure information that would reveal vulnerabilities to, or otherwise increase the potential for an attack on, an information technology system of a public agency, including but not limited to firewall and router configurations, server names, IP addresses, and other system configurations;

    • Any document which contains information identifying any Confidential Informant, or information provided, as defined in CCR (California Code of Regulations) Title 15, Section 3321;

    • Any documentation of information which contains information or data within any Gang Data Base as defined in the DOM (Department Operations Manual) §§ 52070.22 through 52070.24;

    • Records of investigations, intelligence information, or security procedures as specified in the PRA (Public Records Act) § 6254(f).

  • Appropriate procedures to utilize confidential CDCR information on any of CDCR’s computer resources, including any computer such as mainframes, servers, mid-range, workstation, and other information assets on the CDCR network are outlined in this Article. The level of security measures shall be commensurate with the data classification of the information involved.