RE: RE: SB1386 Template
Page 1 of 3 Attachment 7
David Hotchkiss - RE: RE: SB1386 Template From: To: Date: Subject:
"Scott Dickey" <sdickey@publiclawgroup.com> "David Hotchkiss" <dhotchkiss@ccsf.edu> 12/17/2011 9:07 AM RE: RE: SB1386 Template
David: The Board has directed that we identify more than one potential contractor that can provide both the forensic analysis and resolve the infestations, from which the Chancellor can select. Could you help identify one to two others? Thank you, Scott Scott Dickey | Senior Government Law & Litigation Counsel 350 Sansome Street, Suite 300 | San Francisco, CA 94104 t: 415-678-3800 | f: 415-678-3838 | d: 415-678-3827 w: www.publiclawgroup.com Confidentiality Note: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-----Original Message----From: David Hotchkiss [mailto:dhotchkiss@ccsf.edu] Sent: Fri 12/16/2011 9:19 AM To: Scott Dickey; Scott Dickey Subject: Fwd: RE: SB1386 Template Scott I don't seem to find an answer to the email I sent you on Dec 7th. I reiterate my concern of sending out a notice prior to performing a forensic study. The study will identify the scope of the breach and allow us to determine the best way to restore the reasonable integrity of the network. The study would determine if we should send the notice to 100 people or 100,000 people. At this point we cannot rule out that the infestation has penetrated Banner (the HR, payroll and student information system) or Medicat (student medical records). This activity is well beyond the capabilities of the IT staff. It has been eight days since I sent the below email. Time is of the essence with this matter. Even if you are correct in your interpretation of SB1386, don't we have a responsibility to our students and employees to ensure the proper safeguarding of their personal data as well as to give them an honest appraisal of the situation? On Dec 7th you told me that you were going to speak to the Chancellor about this and the Purchase Order I gave him on Dec 5th. Since I have not received the PO I presume that the Chancellor has not signed it. Do you know what is happening with it?
file://C:\Documents and Settings\dhotchkiss\Local Settings\Temp\XPgrpwise\4EEC5BC7POA_DOMpo... 12/19/2011