Presented by: Steve Gerdes 26 January 2019

Presentation transcript:

Presented by: Steve Gerdes yeo1@RotaryDistrict5650.org 26 January 2019

What is it? The European Union has adopted regulations to protect the digital privacy of its residents. Information may only be used to advance the mission of the organization. The major focus is making sure that people consent to the use (commercial & other) of digital information that has been collected. Reasonable steps must be taken to prevent hacking of places that store information. GDPR encourages pseudonymization (the process of transforming stored data so that it cannot be attributed to a specific person without the use of additional information). Information that is no longer necessary for an organization’s mission generally must be destroyed.

Does it apply to us? Applies to any exchange that involves collection of or processing of personal data from a European Union resident. Inbound Students from the European Union. Outbound students to the European Union. Applies to information collected by our European Union partners. Our EU partners are subject to punishment if they provide us with information and we do not comply with the GDPR regulations.

How do we comply? Give notice of intended use of information that we collect or process and obtain consent for its use. Protect the information from hacking. Districts, Host Families, Rotary Clubs, & Rotary volunteers must destroy electronic and paper documentation at the end of the exchange. District retains access to information through the SCRYE database. Clubs and host families allowed to retain basic contact information on students & families. SCRYE archives information 5 years after exchange and allows limited access to it through its Data Protection Officer.

Notice The District shall use and disclose Confidential Information solely as necessary to facilitate The Rotary Youth Exchange Program. The SCRYE notice form lists how SCRYE and its member districts are likely to use information.

Student Consent: Acknowledges receipt of SCRYE policy. Consents to use of information per SCRYE policy. Signed written consent should be obtained from: All students regardless of age. At least one parent, regardless of age of the student. Why does the parent have to sign? GDPR requires parental consent for anyone under the age of 16. Under US law, a minor (generally under 18, but this may be different in some states) has no legal authority to consent.

Volunteer & Host Family Consent: Acknowledges receipt of SCRYE policy. Consents to use of information per SCRYE policy. Agrees to delete all paper and electronic information on students and host families.

Club Certification: Club agrees to follow SCRYE policy. Club agrees to destroy information after exchange is over. (Club may retain basic contact information after exchange is over.)

Student Application: Uniform Student Application committee has not made a final decision on how to comply with GDPR. Most likely result appears to be for the sponsor and host districts to each attach their student consent form to the application so that an application will not be considered complete until the forms are attached.

How do we comply? Provide students and parents with a copy of the SCRYE policy on release of information. Require signed consents from: All inbound and outbound students and their parents. Adult Host Family members. Rotarian volunteers. Always use an encryption process to share information. Have security in place on the computers of all volunteers who have information stored. SCRYE database is secure. Delete information at end of exchange. Member districts and their clubs do their best to delete information on exchanges that are over. Appoint a qualified Data Protection Officer.

What is the most difficult part about complying? Ensuring that the computers of our volunteers don’t get hacked. Some strategies: Use the computer behind a firewall. Password-protect access to the computer and set it to go to sleep shortly after it is no longer being used. Encrypt all stored data. Store data in a part of the computer that requires a separate password.

What information can districts & their clubs keep after the exchange? SCRYE forms generally allow you to keep: Name (Student, Host Family members, Rotarians). Their basic contact information: Address, Phone numbers, Email. Exchange year and school. Role served. Contact information about Club YEO and Counselor linked to host families and student.

What does SCRYE need to do? Pass the “SCRYE Privacy Policy on Use and Disclosure of Confidential Information Obtained in Connection with the Rotary Youth Exchange Program.” Appoint a Data Protection Officer. Add a feature on the database to archive information and restrict access to the archive to the SCRYE Data Protection Officer. Pay any additional cost for creating the archive feature.

Questions?