In an open letter posted on the university's web site, Birgeneau said the March 11 theft "revealed serious gaps in our management of this kind of data," and outlined steps campus officials are taking to improve security.
The laptop, which was stolen from the Graduate Division offices, contained names and social security numbers of about 98,000 people. (As reported in SC Magazine here). Birgeneau said the university is not aware of any misuse of the data.
"Our challenge is not that we lack policies governing computer security and the safeguarding of sensitive information... Our challenge is enforcing these policies, and specifically, rectifying the lack of clear lines of accountability, both personal and departmental," he said.
"I will insist that we safeguard the resources to information we are given as though it were our own. I will provide the resources to ensure that we have the most advanced systems to protect all data."
The university will hire a leading data-security management firm to conduct an immediate external audit of how the campus handles all personal information, Birgeneau said. Also, it will require full encryption of all personal information stored on departmental systems and require campus units to remove all unessential data from their machines.
"Unfortunately, in this technological age absolute security of all information is impossible," Birgeneau concluded. "However, this is no excuse for not managing the databases properly. UC Berkeley became the world's premier teaching and research institution by being precise and cutting edge. When it comes to protecting the data we store and use I will insist on the same precision."