When data is encrypted:
1. It must be reasonably encrypted to ensure confidentiality and integrity
2. It must be available even in the event the encryption key is lost, stolen or otherwise unavailable

“Standards” for encryption
- Defining due diligence for UCLA
- No rot-13!

- Types of data of concern
- Things to consider
- How to approach

Availability: Of what data?
- Records subject to a California Public Records Act request, including not falling under incidental personal use
- Administrative book of record data required by applicable law and policy
- Transient book of record data, e.g., original data created on a laptop that is book of record until it is transferred to a main database
- Data under a legal obligation, such as:
  - Non-book of record data (i.e., copies) that the University is under legal obligation to segregate, such as copies of data under a duty to preserve (e-discovery)
  - Research data subject to a contracts and grants requirement
- Data whose unavailability will cause some other institutional impact (e.g., information relevant to a patent dispute)

Availability: Things to consider (1)
Availability is not a new requirement! It is driven by many legal obligations, including the California Public Records Act that speaks to transparency and accountability of public institutions.

Availability: Things to consider (2)
- Privacy and cultural concerns
- Intertwining with non-consensual access protocol
- Native encryption in applications / databases
- Native encryption of laptops
- Trend toward ubiquitous native hard disk encryption

Availability: How to approach
- Encryption key management