PII BREACH MANAGEMENT Army Privacy Office 7701 Telegraph Road Casey Building, Room 144 Alexandria, VA 22315 703-428-6513 DSN: 328-6513 Fax: 703-428-6522.

Presentation transcript:


Office of the Administrative Assistant to the Secretary of the Army POC: Army Privacy Office – (DSN 328)

What is a Breach?

The actual or possible loss of control, unauthorized disclosure, or unauthorized access of personally identifiable information (PII) where persons other than authorized users gain access or potential access to such information for other than authorized purposes where one or more individuals will be adversely affected.

Source: DoD R, “DoD Privacy Program”, May 14,

What is Personally Identifiable Information (PII)?

PII is information that can be used to distinguish or trace an individual’s identity, such as his or her name, SSN, date and place of birth, mother’s maiden name, and biometric records, including any other personal information that is linked or linkable to a specified individual.

Has a Breach Occurred?

- Basic questions for determining a breach:
  - Did you lose it?
  - Did someone steal it?
  - Was it compromised?
- If you answered “YES” to any of the questions above, you have a reportable breach.

Reporting (Upon discovery of actual or suspected breach)

Immediately notify your Headquarters/Command Privacy Officer for assistance if an actual or suspected breach occurred.

- Within 1 hour report incident to the United States Computer Emergency Readiness Team (US-CERT):
- Within 24 hours report incident to the Army Privacy Office at:
- Discuss with your Privacy Officer any further actions related to this breach (e.g. individual notification)

PII Breach Reporting Process Flowchart

A BREACH OCCURS WHEN an actual or possible loss of control, unauthorized disclosure, or access occurs, regardless of whether exposure was internal or external.

[Flowchart. Labels: Discoverer of the PII Breach; Your Chain of Command; U.S. Computer Emergency Readiness Team (US-CERT); Army Privacy Office; Within 1 hour; Within 24 hours; Notify Affected Individuals ASAP; Remedial Training; Internal/External Investigation; Work with local Privacy Office to determine notification procedures]

Directives: OMB M-07-16; DOD R (C )

Questions?

- For additional assistance please contact your local privacy officer or you may contact the Army Privacy Office at:
  - (703) or 6832 / DSN (328)
- Additional information and training can be found on the following website: