Data Protection Scenarios

Moving Data
You have a list of subscribers' information that you need to move to another computer in the office.
You've decided to use a USB device to do this.
When you're finished you put the USB device in your pocket.
What's wrong with this scenario?
North East Lincolnshire Council was fined £80,000 after a serious data breach in which sensitive information about hundreds of children with special educational needs was lost. The information was stored on an unencrypted memory stick, which went missing.

Confidential Destruction
You have a large bag of confidential material, finance papers, etc.
You are trying to save on your budget and decide to put these files into the normal recycling bag.
You then take this to the local 'on-street' recycling collection point.
You find out later that some former employees' pension records have been posted online.
In 2012 Scottish Borders Council was fined £250,000 when these records were found in a supermarket car park.

Sending Personal Data by email
You have a list of personal and sensitive data about your best donors and how much they have donated to your cause, but they have requested anonymity.
You need to send the list to the Finance Officer.
But you forget you were also in the process of sending out a circular to everyone on your mailing list.
You hit send and the personal sensitive data has been sent to everyone on the mailing list.
Discuss.
Surrey County Council was fined £120,000 after three data breaches involving misdirected emails.

Mobile Device
You use your phone to pick up email.
It's not password protected.
You don't use the Outlook app (which is recommended by BCOS).
Your phone is stolen.
What can we do to be safe?

Mobile Device (2)
You need to take your laptop to a conference to do a presentation.
It has the database of all the people going on a Pilgrimage to Lourdes in a few weeks, with all their medical data, but you need to work on this when you're on the move.
You leave your laptop on the train.
Discuss.
Glasgow City Council was fined £150,000 for the loss of two unencrypted laptops.

Mobile Device (3)
You have contacts on your smartphone.
You pair this with your car's Bluetooth handsfree.
You put your car in for service. Who has access to the contacts?
Discuss.
In our own case the contacts are downloaded from the phone each time we connect and are not accessible from the car handsfree without the phone being present. In other makes/models of car the contacts are stored in the handsfree unit, so would be accessible to a service mechanic.

Theft of Data
You are a Voluntary Youth Centre and have vulnerable young people passing through.
You have 3 desktop computers, one of which you use to share information with the local council and with other social services.
Nothing has been deleted from the PC in over 5 years.
It is password protected with "XYZ123", which is also written on a post-it note inside the desk drawer. It's never been changed.
The Centre is broken into and the desktops are all stolen.
Identify and discuss any Data Protection issues.

Theft of Data (2)
Organisational and Technical Security of Personal Data
Retention of personal data: keeping data longer than needed.
Data sharing: there was no agreement in place between the Council and the Centre.
Password: keep it safe in your head.
Lack of technical security: there is no obligation to encrypt desktop computers, but it helps.
Training of staff.