Mandatory training for all Users who have access to Privacy Act Data

Slides:

Advertisements

Similar presentations

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.

Advertisements

Safeguarding Privacy Act Data Awareness Training for ALL DeCA Employees and Contractors.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

Overview of the Privacy Act

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

Confidentiality and HIPAA

HIPAA Privacy Rule Training

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

1 DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY WARFIGHTER SUPPORT.

Protecting the Confidentiality of Social Security Numbers Business Procedures Memorandum 66 Revised November 1, 2006 The University of Texas System.

1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

Privacy Act 101 Privacy Awareness Training

ROLES & RESPONSIBILITIES PRIVACY ACT (PA) SYSTEMS OF RECORDS MANAGERS.

PRIVACY ACT OVERVIEW The Basic Concepts of the Act United States Pacific Command (USPACOM) FOIA & Privacy Act Conference presented by Samuel P. Jenkins,

PA/FOIA INTERFACE OSD/JS Privacy Office (703)

 Freedom of Information Act General Background. Access to Army Records. Exemptions. Exclusions. Procedural Rules for Processing FOIA Requests for Army.

Data Classification & Privacy Inventory Workshop

PRIVACY ACT Federal Workers’ Compensation Conference 2014 Department of Labor.

HIPAA Health Insurance Portability & Accountability Act of 1996.

Privacy Act 101 Orientation training for all Military Members, Civilian Employees, and Contractor Personnel.

The Data Protection Act

The University of Kansas Medical Center Shadow Experience Training.

The Privacy Act of 1974: An Introduction The Privacy Act of 1974: An Introduction September 2010 For Official Use Only 0.

PRIVACY SAFEGUARDS ANNUAL TRAINING FY 2011 previous next Office of Management Privacy, Information and Records Management Services Privacy Safeguards Division.

Health & Social Care Apprenticeships & Diploma

HIPAA PRIVACY AND SECURITY AWARENESS.

Confidentiality and Public Information Act LISD Special Education Department Training SY

1 DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY WARFIGHTER SUPPORT.

Ames Laboratory Privacy and Personally Identifiable Information (PII) Training Welcome to the Ames Laboratory’s training on Personally Identifiable Information.

707 KAR 1:360 Confidentiality of Information. Section 1: Access Rights 1) An LEA shall permit a parent to inspect and review any education records relating.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

INFORMATION TECHNOLOGY SERVICES Privacy 101 Information Security and Privacy Office.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

FERPA: What you Need to Know The Family Educational Rights and Privacy Act & SEI.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

The right item, right place, right time. Privacy Act 101 Privacy Awareness Training AUDIENCE: DLA Workforce Annually (Civilian employees, Military members,

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.

Headquarters U. S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Freedom Of Information Act/Privacy Act Interface Freedom Of Information.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

Privacy Act United States Army (Managerial Training)

Slide 1 of 9. Slide 2 of 9 The Privacy Act of 1974 (Pub.L , 88 Stat. 1896, enacted December 31, 1974, 5 U.S.C. Section 552a) establishes a Code.

An NZFFBS Training Module.  Objective 1  State the purpose and principles of the Privacy Act and the Code of Ethics.  Objective 2  Apply the principles.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

DON Code of Privacy Act Fair Information Principles DON has devised a list of principles to be applied when handling Protected Personal Information (PPI).

For Official Use Only (FOUO) and Similar Designations NPS Security Office

HIPAA Privacy Rule Training

Information Security and Privacy Office

Privacy and Security Basics for Falls Evidence Based Programs Data Collection . October 2016.

Privacy and Security Basics for CDSME Data Collection

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

Privacy & Confidentiality

Providing Access to Your Data: Handling sensitive data

HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT

Disability Services Agencies Briefing On HIPAA

The Health Insurance Portability and Accountability Act

Lesson 1: Introduction to HIPAA

The Privacy Act of 1974: An Introduction September 2010

Government Data Practices & Open Meeting Law Overview

Examples of Personal Data Requiring Protection

Confidentiality Training 2014

Presentation transcript:

Mandatory training for all Users who have access to Privacy Act Data Privacy Act Training Mandatory training for all Users who have access to Privacy Act Data

This training is designed to educate users on the following: Purpose This training is designed to educate users on the following: The Definition of Privacy Act Data Privacy Act Rules and Regulations The handling of Privacy Act Data

Situational Background Mar 17, 2005 – (Bank Of America) Loss of back up tapes from Bank of America containing 10,000 military records. Mar 13, 2006 - (Computer World) Laptop was stolen that contained thousands of names and SSN’s. May 19 – Laptop stolen from the home of a Veterans Affairs employee containing millions of names and SSN’s

What is the Privacy Act? The Privacy Act is an Act to limit an Agency’s collection and sharing of personal data. The Privacy Act requires that all Executive Branch Agencies follow certain procedures when: Collecting personal information Creating databases containing personal identifiers Maintaining databases containing personal identifiers Disseminating information containing personal data

Why was the Privacy Act passed? Roots of the Privacy Act of 1974 can be traced as far back as 1965 when hearings were held by the House of Representatives Special Subcommittee on Invasion of Privacy. The Privacy Act was created in response to concerns about how the creation and use of computerized databases might impact individuals' privacy rights. It safeguards privacy through creating four procedural and substantive rights in one’s own personal data. 1. It requires government agencies to show an individual records that are kept on that individual. 2. It requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. 3. It places restrictions on how agencies can share an individual's data with other people and agencies 4. It lets individuals sue the government for violating the provisions of the Act.

Why was the Privacy Act enacted? The Privacy Act was passed to address past abuses such as: Federal strong-arm tactics for data collection In the early 1970’s, in events leading up to Watergate, Senator Eagleton (who had voiced mistrust/disapproval of the Nixon administration) had his medical history publicized. Growing impact of computer technologies and the potential for abuse. With the abuses that took place during Watergate, and the growing use of computers to store information, Congress envisioned the damage that could occur to personal privacy in a computer-based society. This realization led to the creation of the Privacy Act.

What are some examples of Privacy Act Data? Social Security Number Financial, credit, and medical data Security clearance level Leave balances; types of leave used Home address and telephone numbers (including home web addresses) Mother's maiden name; other names used Drug test results and the fact of participation in rehabilitation programs Family data Religion, race, national origin Performance ratings Names of employees who hold government-issued travel cards, including card data

What are the limitations of the Privacy Act? The Privacy Act applies only to: US citizens or Lawfully admitted aliens Whose records are filed in a “System of Records” where those records are retrieved by a personal identifier.

What is a System of Records? A System of Records is a group of records that: Contains a personal identifier (such as a name, Social Security Number, Employee Number, etc.) Contains one other item of personal data (such as home address, performance rating, blood type, etc.) Is retrieved by a personal identifier.

Privacy Act Responsibilities The rules and regulations regarding the gathering and handling of Privacy Act Data apply to all personnel and contractors. Personnel requiring access to systems containing Privacy Act Data must do the following: Complete Privacy Act Training Submit a Systems Access Authorization Request (DD2875)

Privacy Act Responsibilities Cont’d Abide by safe handling procedures for Privacy Act Data Privacy Act Data shall not be stored on any mobile storage device i.e. laptops, thumb drives, portable hard drives, etc. If transmitting Privacy Act Data, files will be encrypted, password protected, or sent via secure FTP. If used for analysis, the use of unique identifiers or dummy data will be substituted whenever practical. Share Privacy Act Data only with authorized individuals or agencies Do not commingle information about different individuals in the same file.

Privacy Act Responsibilities Cont’d Mark privacy records appropriately. “For Official Use Only – Privacy Act Data” Do not use interoffice or translucent envelopes to mail Privacy Act protected data. Instead, use sealable opaque solid white or Kraft envelopes. Be sure to mark the envelope to the appropriate person’s attention.

Penalties for violating the Privacy Act? For knowingly and willfully requesting or obtaining records under false pretenses: Misdemeanor criminal charge, and a fine of up to $5000.00 For knowingly and willfully disclosing privacy data to any person not entitled to access: Misdemeanor criminal charge, and a fine of up to $5000.00 For maintaining a System of Records without meeting the public notice requirements: Misdemeanor criminal charge, and a fine of up to $5000.00

What are the penalties for violating the Privacy Act? (cont’d) Courts may award civil penalties for the following: Unlawfully refusing to amend a record Unlawfully refusing to grant access to a record Failure to maintain accurate, relevant, timely, and complete data. Failure to comply with any Privacy Act provision OR agency rule that results in an adverse effect on the subject of the record. Penalties for these violations include: Actual Damages Payment of reasonable attorney’s fees Removal from employment

For Official Use Only (FOUO) data Personnel handling FOUO data should also be aware of the following: Properly safeguard it. Use it only for official government business. Share it only with those with an official need for access. If you create records containing FOUO data, mark them at the time of creation. Not all records are marked with the FOUO legend. If the record is not marked as FOUO, you may still be required to safeguard it. Do not disclose any agency record to a third party except for official, authorized purposes.

Conclusion Marines are our most valuable asset, as such, every effort should be made to safeguard their personnel information from possible misuse. For questions regarding data access or security contact – MCIEAST Privacy Act Coordinator – 451-4452