Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003.

California Civil Code, Section 1798
- State’s response to an estimated 160,000 cases of identity theft in 2002
- Requires organizations, including institutions of higher learning, to notify state residents when unauthorized individuals have obtained personal information via a computer security breach
- Effective as of July 1, 2003

UC Guidelines
Electronic Information Security (BFB IS-3)
- Defines personal information as first name or first initial and last name in combination with one or more of the following:
  - Social Security Number
  - Driver’s license or California ID number
  - Account or credit card number and security code, access code or password

UC Guidelines (cont.)
- Defines security breach as when a California resident’s unencrypted personal information is believed to have been acquired by an unauthorized person.
- Calls for system-wide notification procedures and the development of local guidelines.

UC Davis Implementation
Chancellor Vanderhoef
- Appointed UC Davis Information Technology Security Coordinator, Bob Ono, as lead in coordinating the campus’ compliance efforts
- Via May 28, 2003 memo, notified Vice Chancellors, Vice Provosts and Deans of the need to take a proactive approach by identifying ways in which security risks can be minimized

UC Davis Implementation (cont.)
IT Security Coordinator, Bob Ono
- Developed draft implementation plan that identifies key roles, responsibilities and procedures for:
  - Minimizing risks of security breach
  - Reporting incidents
  - Notifying individuals whose personal information may have been obtained by a non-authorized person

Roles and Responsibilities
CODVC Members
- Oversee preventative measures to secure data
- Communicate with appropriate staff about Section 1798, identity theft, and the campus implementation plan

Roles and Responsibilities (cont.)
Campus Units
- Inform users of their responsibilities to secure personal information
- Assess risks and implement security safeguards for systems housing personal information
- Develop and maintain control records and establish monitoring procedures
- Report suspected incidents

Roles and Responsibilities (cont.)
Campus Misuse Committee
- Investigate reported incidents
- Assess need for and authorize notifications
- Authorize case closure

Roles and Responsibilities (cont.)
IT Security Coordinator, Bob Ono
- Communicate components of implementation plan to responsible parties
- Ensure response process is followed
- Ensure system-wide and campus notification procedures are followed
- Coordinate incident reporting with department personnel, Campus Misuse Committee, and UCOP

Resources
- Identity Theft Prevention Web Site
- Information Practices Act of 1977 – California Civil Code Section
- Information Security Policy, Business and Finance Bulletin IS-3
- Misuse of University Resources, UC Davis Policy and Procedures Manual, Section