A LAPTOP containing personal details of scores of NHS patients is one of nearly 200 computers either stolen or missing from public bodies in the Lothians.

Slides:



Advertisements
Similar presentations
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
Advertisements

Data Management Tools David Wallom. YOUR DATA DOES NOT BELONG TO YOU! IT BELONGS TO YOUR EMPLOYING INSTITUTION!
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Complying with Privacy to Enable Innovation & Research
Investigation Myths and Facts November 29, 2011 IOT Security: Caroline Drum Bradley.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Beyond WiFi: Securing Your Mobile Devices Thomas Kuhn Information Technology Assistance Center (iTAC) Kansas State University.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
10 Essential Security Measures PA Turnpike Commission.
STORING YOUR DATA ……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………......…... RESEARCH DATA MANAGEMENT TEAM UK DATA.
ICT School Policies 6 th November Suggested Policies for Schools Not always a requirement, but useful to cover you, your school and the students.
IT Academy (part of the University of York ). Cybercrime... Fact or CSI SciFi?
SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
VA OI&T Field Security Service Seal of the U.S. Department of Veterans Affairs Office of Information and Technology Office of Information Security.
OPSEC Awareness Briefing Multi-Function Printer (MFP) Security.
Protecting Sensitive Information PA Turnpike Commission.
Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making.
Information Governance Jym Bates Head of Information Assurance.
CPS Acceptable Use Policy Day 2 – Technology Session.
NIH Policy Manual 2811 Policy on Smart Card Authentication iTrust Forum Mark L. Silverman December 10, 2009
ESCCO Data Security Training David Dixon September 2014.
1.1 System Performance Security Module 1 Version 5.
Best Practices for Protecting Data. Section Overview Mobile Computing Devices Technical Procedures Data Access and Permissions Verbal Communication Paper.
1 Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22,
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Privacy and Information Management ICT Guidelines.
Managing IT Risk MRC Weatherall Institute of Molecular Medicine Tom Anstey Risk - combination of the probability of an event and.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Instructional & Information Technology Services Fall, Activities and Updates Teresa Macklin Information Security Officer Information Security.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
STARTFINISH DisposePrint & ScanShareStore Protect information and equipment ClassifyProtect.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
SPH Information Security Update September 10, 2010.
Joel Rosenblatt Director, Computer and Network Security September 10, 2013.
@ BCHS. The School Policy is your guide to ensuring you and your students are safe. It is your responsibility to make yourself aware and familiar with.
Robert Ono Office of the Vice Provost, Information and Educational Technology September 9, 2010 TIF-Security Cyber-safety Plans for 2010.
Encryption as a Preventive Countermeasure Sean Maher, Information Security Coordinator.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
ANNUAL HIPAA AND INFORMATION SECURITY EDUCATION. KEY TERMS  HIPAA - Health Insurance Portability and Accountability Act. The primary goal of the law.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Common sense solutions to data privacy observed by each employee is the crucial first step toward data security Data Privacy/Data Security Contact IRT.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Information Technology Security Office of the Vice President for Information Technology New Employee Orientation II.
Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.
PUBLIC COMPUTER SAFETY
DATA SECURITY FOR MEDICAL RESEARCH
Service Point 5 ReportWriter
Service Point 5 ReportWriter
Investigation Myths and Facts
Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Staying Austin College
Library and IT Services
Things To Avoid: 1-Never your password to anyone.
Passwords.
Data Protection Scenarios
Digital $$ Quiz Test your knowledge.
IT & Security Training Skills.
Google for Education offering
Understanding Data Protection
Introduction to the PACS Security
Golden rules for handling personal data
Personal Mobile Device Acceptable Use Policy Training Slideshow
Presentation transcript:

A LAPTOP containing personal details of scores of NHS patients is one of nearly 200 computers either stolen or missing from public bodies in the Lothians. The computer held "extensive" data on the psychiatric and personal histories of participants in a medical study, as well as information on whether they had suffered physical or sexual abuse. Edinburgh Evening News, 25 February 2008 Patients’ medical histories stored on stolen laptop

University Policy on the Storage, Transmission and Use of Personal Data and Sensitive Business Information Out With the University Environment Medium and high risk personal data or business information must be encrypted if it leaves the University environment Staff/DPstaff/EncryptionPolicy.htm

Key Principles 1.Avoid downloading personal data 2.Anonymise 3.Use secure shared drive 4.Use remote access facilities 5.If cannot avoid using a mobile device, encrypt

Key Principles 6.Do not use personal equipment 7.Avoid Encrypt Indicate content in title 8.Do not use in public places 9.Take physical security measures 10.Compile and apply retention schedules

What do you need to do? Comply with policy Follow guidance Use recommended USB stick Encrypt laptops Take sensible precautions –Passwords, autolocking –Log out –Destroy, don’t recycle –Know your software services/services/computing/desktop-personal/encryption