Florida Information Protection Act of 2014 (FIPA)

Why do we have FIPA?

There is no single federal law that governs notification of a data or security breach. FIPA provides state-directed procedures for the protection and security of sensitive personal information in the possession of covered entities.

What is a FIPA Covered Entity?

A “covered entity” is a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information. For the provisions of this bill detailing the requirements for notification when there is a breach of security, disposal of customer records, and enforcement, this term also includes governmental entities (this includes FSU).

What is a Customer Record in FIPA?

“Customer records” means any material, regardless of the physical form, on which personal information is recorded or preserved by any means, including, but not limited to, written or spoken words, graphically depicted, printed, or electromagnetically transmitted that are provided by an individual in this state to a covered entity for the purpose of purchasing or leasing a product or obtaining a service.

“Data in electronic form” means any data stored electronically or digitally on any computer system or other database and includes recordable tapes and other mass storage devices.

Personal Information Defined in FIPA

An individual's first name or first initial and last name in combination with:

- SSN
- Driver license or state ID card number, passport number, military ID number, or other similar number issued on a government document to verify identity
- Financial account number or credit or debit card number in combination with any required security code, access code, or password allowing access to an account
- Medical history/treatment/diagnosis by a health care professional
- Health insurance policy number

User name or e-mail address in combination with a password or security question that allows access to an online account

Important for third-party contracts

(8) REQUIREMENTS FOR DISPOSAL OF CUSTOMER RECORDS.— Each covered entity or third-party agent shall take all reasonable measures to dispose, or arrange for the disposal, of customer records containing personal information within its custody or control when the records are no longer to be retained. Such disposal shall involve shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any means.

* FSU must adhere to State public record laws in determining disposal timelines.
* See security.fsu.edu for the contract “Terms & Conditions”, which cover any third-party transfer of protected FSU information, including data disposal terms to meet FIPA requirements.

FIPA Breaches can span other privacy actions required under other legal or contractual requirements …

Individual Notices

Notice to affected individuals within 30 calendar days of discovery unless delay authorized by federal, state, or local law enforcement.

Notice must include:

- Date or range of dates for breach
- Description of personal information lost/accessed in breach
- Contact information for information at breached entity

Notice to Department of Legal Affairs

Any breach of over 500 accounts/records requires sending a notice to State Department of Legal Affairs within 30 days of breach (45 days with extension):

- Synopsis of breach events
- Number of individuals in Florida affected
- Services (information/credit protection) offered by entity to individuals
- Name of contact person in organization