Various legal mandates impose IT security management requirements on organizations that store and process personal, financial, and other types of sensitive data. Institutions that are not in compliance may face the loss of funding or other penalties. Some mandates specify security controls which can be complex and expensive to put into place. Implementing common controls across multiple IT systems can result in significant cost savings due to economies of scale. But challenges arise when attempting to implement an IT security control regime intended for an operational environment with centralized management and funding upon a research institution comprised of autonomous organizational units with disparate funding sources and heterogeneous IT systems.

In the 2007-2008 academic year, Clinic students Matt Chew Spence, Lawan Likitpunpisit, Bindiya Jadhwani, and Megha Sarma worked in collaboration with UC Berkeley Information Services and Technology to help protect information on campus. The students studied legal regulations, university policies, and mapped these requirements to specific technical controls and business processes needed to safeguard sensitive information. Their resulting project, "Its a BEAT" has earned widespread recognition from the campus community and industry.

Click here to download the final report (pdf)

Click here to download the final presentation (ppt)

Elements of this project will see continued development with industry partners. In conjunction with legal scholar Prof. Jeff Selbin and the Samuelson Law, Technology, and Public Policy Clinic, we are also actively developing apects of this project to help enhance the security and privacy of sensitive legal information. See also Justice and the Digital Record.