Abstract
Purpose: The purpose of this study was to explore how a research study can be conducted to examine the current state of protecting information assets in the public university systems of California by identifying known practices that protect personally identifying information. Theoretical Framework: The theoretical framework of this study is grounded in the construct of organizational culture as a basis for motivation and prioritization as defined by motivational and organizational theorists such as Schein, Hofstede, and Bath. Methodology: The subjects of the study are employees of the three public higher education systems in California that served in the role of leading information technology or information security on their respective campus. Subjects respond to an online survey presented with known mitigating actions to data loss asking whether or not a particular action has been or will be implemented. Findings: The primary finding of this research is the development of a template to conduct research in the area of data loss. Specifically, conducting research to examine the current state of protecting information assets is reviewed in the context of using the three public higher education institutions in California as the research population. Conclusions and Recommendations: The study concludes that further research on 2-year institutions is warranted to further evaluate the discrepancies found between the 4-year and 2-year institutions. More specifically, the study recommends that higher education institutions designate a full-time person responsible for the day-to-day activities in protecting personally identifying information.