Protecting Personal Information at Fermilab


What You Will Learn
- Why must we protect personal information?
- What are the laboratory policies governing personal information?
- What is Protected Personally Identifiable Information (Protected PII)?
- What are my obligations?
- Where do I go if I have any questions?

Why do we need to protect personal information?
- Identity theft based on improper disclosure of personal information is a serious problem
- Several government agencies have been embarrassed by losses of large quantities of personal data
- Orders from White House --> DOE --> Office of Science mandate more careful treatment of personal information
- Fermilab respects the privacy of employees and users

Laboratory Policies on Personal Information
We have lab policy and procedures:
- Lab Policy (Director’s Policy Manual): Director's Policy Manual section 38.000
- Lab Procedures: PII Procedures

Kinds of Personal Information
- PII (Personally identifiable information) is any information that specifically identifies an individual; not all needs to be protected
- “Protected” PII is PII that has a significant risk of identity theft if improperly disclosed (such as social security numbers; full definition on next slide)
- “Laboratory” PII is PII collected and maintained by Fermilab (not your own data: if you keep your personal credit card number on your computer it may be bad practice but is not in violation of lab policy). Much but not all Laboratory PII is Protected PII.
- These rules apply to electronic versions of Laboratory Protected PII

What is Protected PII?
At Fermilab, Protected PII is defined as an individual’s name in combination with one or more of the following items:
- social security number or foreign national ID number
- passport number or visa number
- driver’s license number
- personal credit card number
- bank account number
- date and place of birth (both together, not one by itself)
- mother’s maiden name
- security clearance information
- biometric information (fingerprints, retinal scan, DNA)
- criminal records
- detailed personal financial information (not merely salary history)
- detailed medical records
- detailed educational transcripts (not merely a list of degrees)

Your Obligations
- You must not have any Laboratory Protected PII on any of your computers
- You will need to sign a statement that you will inspect your computers and delete any Laboratory Protected PII you discover (as part of this training)
- “Your computer” means any computer that you are the sole user of, and any file space you have on shared systems or servers. System administrators will NOT examine users’ files; this is the responsibility of each user.
- Note: this applies only to PII that “belongs” to Fermilab (PII that Fermilab collects and maintains, not your own information), and only to electronic copies of PII
- These rules apply to all computers, personally or laboratory owned, connected to laboratory networks.

Examples of PII that must be deleted
- Resumes or transcripts containing social security numbers or other Protected PII
- Conference databases with credit card numbers or visa numbers
- Spreadsheets with credit card or passport numbers of division/section travelers
- Word documents of trip reports or foreign travel forms containing passport numbers or other Protected PII
- Note that it is OK to enter Protected PII into external databases (like FTMS for foreign travel) as long as no local copies of reports containing things like passport numbers are kept on your computer.

What if I need to access PII?
- The laboratory does have a need to maintain and process some PII (employee records, financial transactions) that a small number of employees need to access.
- If you are one of these employees you will receive “advanced” PII training to learn how to properly access this PII
- For further information contact your division/section PII representative (next slide)

Division/Section Privacy Reps
- AD: Tom Kroc
- CD: Irwin Gaines
- PPD: Elaine Phillips
- TD: John Konc
- BSS: Bill Flaherty
- ES&H: Tim Miller
- FESS: Odarka Jurkiw
- FIN: Tom Ackenhusen
- WDRS: Heather Sidman

Quiz
To receive credit for completion of this training you must now take and successfully pass the online test. Please go back to the course enrollment page and request your exam.