Treat it like it’s yours: best practices for handling student transcript data Bob Hughes Application Support Manager North Orange County CCD CCCTran Steering.

Presentation transcript:

Treat it like it’s yours: best practices for handling student transcript data
Bob Hughes
Application Support Manager, North Orange County CCD
CCCTran Steering Committee Chair

Recent Data Breaches
- Privacy Rights Clearinghouse: ,907,901 records containing sensitive personal information were involved in security breaches in the U.S. since January 2005

Recent Data Breaches (cont.)
- 4/9/09 Behrend College, Erie PA: 10,868 SSNs (compromised server)
- 4/8/09 Metro Nashville School: 18,000 SSNs (on public server)
- 3/18/09 U of West Georgia: 1,300 SSNs (stolen laptop)
- 3/17/09 Penn State University: 1,000 SSNs (compromised server)
- 3/16/09 University of Toledo (OH): 24,450 records, 250 SSNs (stolen computer)
- 3/4/09 Elk Grove School Dist (CA): 520 SSNs (on a lost document)
- 8/2/08 Countrywide Financial: 2,000,000 SSNs

California SB 1386
This bill, operative July 1, 2003, would require a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

What is Personal Information?
(e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
(1) Social security number.
(2) Driver's license number or California Identification Card number.
(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.

Recommended Practices
df/ssnrecommendations.pdf
- Reduce the collection of SSNs
- Eliminate the public display of SSNs
- Do not send SSNs by email unless the connection is secure or the SSN is encrypted

Option 1: Securing the Connection
- Encrypted
- Requires that you have security certificate installed
- You must install the security certificate from the recipient
- Complicated and time consuming; may require support from your IT staff

Option 2: Encrypting the SSN
- Save attachment as PDF
- Secure the document with a password
- Choose the option to Encrypt all document content
- Share the document password with the recipient
- Easy and compliant!
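
A pre-send check for Option 2, added here as an illustration and not part of the original presentation: it holds a message if an SSN appears in the unencrypted body, if the document password travels in the same message, or if a PDF attachment has no encryption dictionary. The function names and sample inputs are hypothetical, and the `/Encrypt` test is a byte-level heuristic that confirms encryption is present, not how strong the cipher or password is.

```python
import re

# SSN-shaped strings: AAA-GG-SSSS, with optional dash or space separators.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
# An encrypted PDF references its encryption dictionary via an /Encrypt key.
ENCRYPT_RE = re.compile(rb"/Encrypt\s*(\d+\s+\d+\s+R|<<)")


def find_ssns(text):
    """Return SSN-shaped strings, skipping ranges that are never issued."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        if area in ("000", "666") or area[0] == "9":
            continue
        if group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits


def pdf_is_encrypted(data):
    """Heuristic: PDF header present and an /Encrypt entry exists."""
    return data.startswith(b"%PDF-") and ENCRYPT_RE.search(data) is not None


def check_outgoing(body, attachments):
    """Return a list of reasons to hold the message; empty means send."""
    problems = []
    if find_ssns(body):
        problems.append("SSN in message body (body is not encrypted)")
    if re.search(r"password\s*(is|:|=)", body, re.I):
        problems.append("document password sent in the same message")
    for name, data in attachments:
        if not name.lower().endswith(".pdf"):
            problems.append(f"{name}: not a PDF, cannot confirm encryption")
        elif not pdf_is_encrypted(data):
            problems.append(f"{name}: PDF has no /Encrypt dictionary")
    return problems


# Constructed sample inputs (not real PDFs, not a real SSN).
PLAIN_PDF = b"%PDF-1.7\n1 0 obj<<>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF"
ENC_PDF = b"%PDF-1.7\n1 0 obj<<>>endobj\ntrailer<</Root 1 0 R/Encrypt 2 0 R>>\n%%EOF"

if __name__ == "__main__":
    print(check_outgoing("Transcript attached.", [("t.pdf", ENC_PDF)]))
    print(check_outgoing("SSN 123-45-6789, password: x", [("t.pdf", PLAIN_PDF)]))
```
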

Questions?