Know the Code: Protecting Data Privacy

Know the code is a monthly series highlighting different sections of the County of San Diego Code of Ethics. The mission of the Office of Ethics and Compliance is to assist in fulfilling the County’s commitment to the highest standards of ethics and compliance.   

If you’re like most of us, you try to protect your identity, so it’s not lost, stolen, or used without your permission.

Perhaps you keep personal details about your health to yourself and you’d just as soon not share your mother’s maiden name and your Social Security number to anyone without a need to know it.

November’s “Know the Code” topic involves reporting potential privacy incidents.

In keeping with Policy 400-11 on County Information and other group (i.e., HHSA) and departmental policies, employees must always keep the personal information of others confidential.

The three types of information involved are: personal information, personally identifiable information and protected health information. 

Types of data that fall under these categories include: 

  • Social Security number

  • Driver’s license or other government issued ID

  • Account or credit or debit card number, in combination with security or access code, or password

  • Medical information to include diagnosis and condition, especially sensitive conditions

  • Health insurance information to include ID card number, etc.

  • Unique biometric data used to authenticate, such as a fingerprint. Includes photographs for facial recognition

  • Genetic data

  • License plate information

  • Email or username combined with password or security information to access an online account

  • Birth records

  • Mother’s maiden name

To protect others, you are obligated to report any time you are aware that someone who isn’t unauthorized either receives, accesses, uses or discloses personal information not intended for them. 

As examples, personal information could be received in misdirected emails, letters or faxes; overheard in conversations; or seen on a counter, computer, desk or dry erase board. 

Non-HHSA employees and contractors must immediately report all potential privacy incidents to the Office of Ethics and Compliance Ethics Hotline at 866-549-0004 or report it online.   

HHSA employees and contractors must report all real and suspected privacy and security incidents to the Business Assurance and Compliance Office at its website.   

“Some legal timelines start on the date an incident was detected and not on the date they were reported, so waiting to report could cause additional issues,” said the County’s Chief Privacy Officer Todd Hood.

To ensure transparency and maintain public trust, employees should report all potential privacy incidents. The chief privacy officer or HHSA privacy officer will investigate whether the incident is a breach and determine next steps.  

Check out the OEC webpage on InSite for information about upcoming Ethics and Compliance Program events, training and resources including monthly “Know the Code” articles and micro-training videos.

If you have questions about Ethics and Compliance training or how to access the training and other resources, contact the OEC team at oec@sdcounty.ca.gov or 619-531-5174. 

HHSA staff may also contact the dedicated HHSA Agency Compliance team at compliance.hhsa@sdcounty.ca.gov or 619-338-2807.