In response to increasing concerns about the security of UC Berkeley’s computerized information, Ann Geyer was appointed the campus’s first-ever Chief Information Privacy and Security Officer on July 14 – the only position of its kind in the UC system outside of a medical or health services capacity.
Geyer was chosen out of a nationwide pool of applicants by a search committee headed by Liz Marsh, IT program manager for the Office of the Chief Information Officer. Geyer will be replacing Ryan Means, who held the interim position for the last six months.
Shelton Waggener, associate vice chancellor and chief information officer, first conceived the new position in late 2006 upon the retirement of Craig Lant, who served as campus information systems security officer – a similar position that did not address privacy concerns. However, due to financial issues, the new position did not materialize until this year.
According to Waggener, the need for the position became ever more pressing as the number of attempts to hack into campus information and computer systems has increased steadily over the past five years.
“There are constantly new security vulnerabilities appearing in our vendors – that is, in Windows, Adobe, Apple,” he said. “The attacks have become constant, sometimes numbering more than one million per month.”
Russell Opland, the UC systemwide privacy officer, attributes the rapid increase in attacks to the evolution of internet crime.
“In the 1980s people thought of ‘hackers’ as kids who broke into systems for the thrill,” he said. “In the 1990s, ‘hackers’ were people who caused trouble by creating viruses. Now organizations with criminal intent are a lot more prevalent online. The issues are identity theft, hacking into systems to get critical financial information and hacking into e-mail addresses to distribute spam.”
Opland also said one factor in creating the new position was the recent security breaches at UC Berkeley’s Graduate School of Journalism and the University Health Services.
Geyer is trained as an attorney in cyberlaw and has worked 15 years in the health care industry designing IT governance and compliance programs. She said this training has made her “very familiar” with IT laws and regulations, such as those that protect patient and student information. Waggener said he expects Geyer’s experience in health care and law training to be especially beneficial.
“In the health care arena, privacy has been a paramount concern for many years,” he said. “And her legal training will help in interpreting new legislation. We expect new information-related laws in coming years.”
Opland said Geyer’s expansive role will include communicating any changes in federal or state law or UC policy, raising awareness about risks and helping the campus become a leader in security and privacy policies.
In addressing these responsibilities, Geyer’s first move will be working with Waggener to design a privacy and security strategic plan. She will also be chairing the Campus Information Security and Privacy Committee and working closely with Opland and Chief Campus Counsel Christopher Patti.
Geyer hopes to continue to expand information access with new communications and computer technologies.
“Berkeley has long prioritized individual right to privacy and is actively seeking the right balance for a culture of openness supported by workable security and privacy policies,” she said in an e-mail.