University Committee for the Protection of Personal Data (UCPPD)
UCPPD provides processes and structures for best practices regarding the security and protection of personal data in possession of the University, including:
- Review current campus collection and uses of social security numbers and other personal identifying information as defined by the North Carolina Identity Theft Protection Act.
- Approving or disapproving such collection and use of personally identifiable information.
- Reviewing security measures associated with hard copy forms and electronic templates that contain personally identifiable information.
- Documenting the University’s processes for the collection and use of personally identifiable information (including Social Security numbers).
- Recommending institutional changes needed for continuing compliance or best practices.
- Oversight of activities needed to implement the Red Flags Rule.
See the UCPPD Charter for additional information.
For details on submitting a request for approval, see the UCPPD Review Process document.
Membership
| Name | Office | Position |
|---|---|---|
| Micki Jernigan, Chair | Information Technology Services | Chief Privacy Officer |
| Dennis Schmidt | Information Technology Services | Assistant Vice Chancellor and Chief Information Security Officer |
| Dean Weber | Internal Audit | Chief Audit Officer |
| Wendy Andrews | Office of the Executive Vice Chancellor and Provost | Executive Business Manager |
| Rich Arnold | Office of Human Resources | Senior Director, HR Information Management |
| David T. Lambeth III | Office of University Counsel | Assistant University Counsel |
| Christy Samford | Office of University Registrar | Deputy Registrar |
| David Rankin ITEC Rep | School of Dentistry | IT Director |
Meeting Dates and Deadlines
The UCPPD meets monthly. Requests must be submitted for review at least 10 business days before the meeting in order to be considered for that month’s agenda. See the UCPPD Review Process document for details on submission requirements.
Meeting Date: 3rd Tuesday 3-5 p.m. (with 30-minute time slots assigned by IPO).
Submission Deadline: 1st Tuesday by 5 p.m.
*adjusted for holiday
| Month | Submission Deadline | Meeting Date |
|---|---|---|
| Dec | 11/26/19* | 12/10/19* |
| Jan | 1/7/20 | 1/21/20 |
| Feb | 2/4/20 | 2/18/20 |
| Mar | 3/3/20 | 3/17/20 |
| Apr | 4/7/20 | 4/21/20 |
| May | 5/5/20 | 5/19/20 |
| June | 6/2/20 | 6/16/20 |
| July | 7/7/20 | 7/21/20 |
| Aug | 8/4/20 | 8/18/20 |
| Sept | 9/1/20 | 9/15/20 |
| Oct | 10/6/20 | 10/20/20 |
| Nov | 11/3/20 | 11/17/20 |
| Dec | 12/1/20 | 12/15/20 |
Additional Resources
- UNC GA Memo Red Flag Rules
- UNC GA Model ID Theft Program
- NC State Controller Red Flag Rules Advisory Memo
- Red Flags Rule (16 C.F.R. Section 681.1)
- Appendix A to Part 681—Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation (Published as an appendix to the Red Flags Rule, provides an outline for developing a program.)
- Supplement A to Appendix A (Provides examples of Red Flags – scroll about halfway down page)