Update on Privacy Issues at USU October 10, 2013.

USU Privacy Breaches
5 breaches have already occurred in 2013 – more than in previous years. Breaches in the last 2 years could have affected over 21,100 individuals’ personal identification information and/or personal health information.

Washington Post Report
Largest data breach in Federal Government history led to loss of 26.5 million veterans’ data.

Recent USU Privacy Breaches
- PII & PHI located on a personal computer and sent in unencrypted
- PII on an unencrypted external hard drive not issued by the university or government
- PII sent to unintended recipients
- PII sent via open distribution lists
- Shared documents with PII using Google Apps
- Stolen laptop from car with unencrypted PHI and PII
- Stolen research laptop from home
- PII uploaded to a publicly accessible server

PII Definition – DoD R
Personally Identifiable Information – Information about an individual that identifies, links, relates, or is unique to, or describes him or her and is linked or linkable to a specified individual.
- Social Security Number
- Date of Birth
- Passport Number
- Financial account number
- Biometric Identifiers
- Mother’s maiden name
- Birthplace
- Credit card number
- Home Address/Phone/Cell
- Protected Health Information (PHI)
- Full Name
- Genetic information
- Other personal information
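As an added example, not part of the USU slides: a pre-send check in Python that looks for the PII elements from the definition above that have a checkable format (SSN, credit card number, labelled date of birth), the kind of check a department could run on a document before sharing it or mailing it to a distribution list, the two breach modes listed on the earlier slide. The sample text and every identifier in it are constructed for this example.

```python
import re

# Constructed sample of the kind of text that ends up in a shared document or a
# message to a distribution list; every identifier in it is fabricated.
SAMPLE_TEXT = (
    "Participant 017: Jane Doe, DOB 04/12/1981, SSN 123-45-6789, "
    "card 4111 1111 1111 1111 on file. Study ID 20130001 is not PII."
)

# SSN in dashed form, rejecting area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes, confirmed by Luhn.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# A date only counts as a date of birth when it is labelled as one.
DOB_RE = re.compile(r"\b(?:DOB|date of birth)[:\s]+(\d{1,2}/\d{1,2}/\d{4})\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; screens out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[tuple[str, str]]:
    """Return (category, matched value) pairs for each checkable PII element."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", m.group()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("credit card", m.group()))
    for m in DOB_RE.finditer(text):
        findings.append(("date of birth", m.group(1)))
    return findings


def safe_to_send(text: str) -> bool:
    """True when no checkable element is found. Names, addresses and the other
    listed elements have no fixed format, so True is not proof of absence."""
    return not find_pii(text)
```

Running find_pii(SAMPLE_TEXT) flags the SSN, the card number and the date of birth but not the eight-digit study ID; a card-shaped number that fails the Luhn check is ignored.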

Consequences of Potential Breach
1. Incident
2. Notification of USU Privacy Office
3. U.S. CERT* notification within 1 hour
4. OSD/WHS notification within 24 hours
5. Update OSD until resolution
*US Computer Emergency Readiness Team

Consequences of a Breach
- Having individual certified registered letters sent to every potentially affected individual.
- Providing year-long credit monitoring through a 3rd party. Example: credit monitoring costs ~$10 / person / year. A PII breach consisting of 3,000 research participants would cost the responsible department at least $30,000 / year.
- Potentially incurring a fine for violation of the Privacy Act (personnel and/or agency).

Pop Quiz
1. What is the length of time from discovery of loss or suspected loss of PII that a Command or Unit must submit a report to U.S. Computer Emergency Readiness Team (CERT)?
a. One hour
b. Within 24 hours
c. Two business days
d. Up to one week

Pop Quiz
2. Among the list below, what is the number one cause for USU PII/PHI breaches?
a. Insider threat
b. Computer hackers
c. Human error
d. Phishing

Pop Quiz
3. Which of the following methods are safe for sending PII/PHI?
a. Personal
b. USU.edu Google Mail
c. Encrypted
d. .mil
e. All of the above
f. None of the above

Suggestions on the Way Ahead
- Require online Privacy Training and annual refresher training
- Create a University-wide centralized tracking system
- Any other or better suggestions?