Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)

Similar presentations


Presentation on theme: "Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)"— Presentation transcript:

1 Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)

2 Goals and Objectives At the conclusion of this training session you will be able to: Define Personally Identifiable Information (PII) Recognize the responsibility of access to PII Discover best practices to deter PII violations Illustrate how to identify PII loss Demonstrate procedures to report a PII loss Employ proper communication procedures while working with PII 2

3 A message from the Chief Information Officer The purpose of this message is to highlight responsibilities of anyone having authorized access to the Social Security Administration’s (SSA) Personally Identifiable Information. This memorandum provides basic security guidance for SSA employees, contractors, DDS employees, and government or business partners who handle SSA information. TO: All SSA Employees, Contractors and DDS Employees SUBJECT: Properly Safeguarding Personally Identifiable Information - ACTION 3

4 This reminder regards your responsibilities to properly safeguard personally identifiable information from loss, theft or inadvertent disclosure and to immediately notify your management of any loss of personally identifiable information. Personally identifiable information includes, but is not limited to, a person’s name, date of birth, Social Security Number, bank account information, address, health records and Social Security benefit payment data. Employees who fail to adequately safeguard personally identifiable information by failing to secure it from theft, loss or inadvertent disclosure may be subject to disciplinary action. 4 A message from the Chief Information Officer TO: All SSA Employees, Contractors and DDS Employees SUBJECT: Properly Safeguarding Personally Identifiable Information - ACTION

5 Progress Check 1 What are some examples of Personally Identifiable Information? A)Date of birth, Social Security Number, home address B)Health records and bank account information C)Full name, initials, nickname D)All of the above 5

6 Improper Safeguards Non-Secure areas in your environment include: An office where the public visits Public spaces An unlocked room An unattended desk Computers without password protection Storage devices (flash drives, CD, etc) that others have access to (non-password protected) 6

7 Improper Safeguards The following slides provide examples of situations where Personally Identifiable Information is improperly safeguarded. 7

8 Leaving an unprotected computer containing Personally Identifiable Information in a non-secure space Public spaceUnlocked room Unlocked car 8

9 Leaving a claims folder unattended On one’s deskIn a non-secure areaPublic location 9

10 Storing electronic files containing PII A Computer with no password protection A flash drive A compact disc 10

11 Working from home with files containing PII An unlocked roomAn unattended desknon-locking file cabinet 11

12 Progress Check 2 What are the consequences for exposing PII through the improper safeguards we have just presented? A)Violators may be exposed to liability B)SSA may change your organization’s status to ‘not ready to serve’ C)There is potential for interception of information by criminals D)All of the above 12

13 Best Practices Every individual from users to managers of SSA’s automated systems are required to follow agency rules for using SSA systems. 13

14 Best Practices to Deter PII violations Be familiar with current information on security, privacy and confidentiality practices Obtain written authorization before using sensitive or critical applications. Use only systems and data for which they have authorization. Lock or logoff their workstation/terminal prior to leaving it unattended. Act in an ethical, informed and trustworthy manner. Protect sensitive electronic records Be alert to threats and vulnerabilities to their systems 14

15 Best Practices – Managers must: Monitor the use of mainframes, PCs, LANs, and networked facilities to ensure compliance with national and local policies Ensure that employee screening for sensitive positions within their components has occurred prior to any individual being authorized access to sensitive or critical applications. Implement, maintain and enforce systems security standards and procedures Immediately contact their security officer whenever a systems security violation is discovered or suspected 15

16 Best Practices – Management of Employee Standards while working with PII Explain to employees that they are responsible for protecting personal information at all times, both on and off duty. Permit employees to access PII only when they need to do their jobs and to disclose it only when appropriate Train employees to handle PII responsibly and remind them periodically of their responsibilities to protect all PII they use to complete their work 16

17 Best practices continued Train employees to avoid leaving paper documents and records containing PII on unprotected desktops Create an environment where confidential records are stored in locking file cabinets or locking desks. When taking records or laptops offsite, lock them in the car’s trunk. Do not leave them in the passenger compartment. Utilize a cross-cutting shredder to shred papers with personal information before throwing them out. 17

18 Best Practices – Management of Technology Do NOT send personal information via email unless it is encrypted. This includes using any PII in the email subject or body. Send reports and documents containing PII via regular mail or send them to a secure FAX location. Use password protection and encryption software to protect confidential files from unauthorized access. 18

19 Best Practices Continued Choose a password that others cannot guess and change it frequently. Protect with encryption those peripheral data storage devices such as CDs and flash drives with records containing PII. Encrypt files with PII before deleting them from your computer or peripheral storage device. This will ensure that unauthorized users cannot recover the files. Lock or log off the computer when leaving it unattended. 19

20 Progress Check 3 We have discovered best practices for managers and employees in deterring PII violations. What is NOT a best practice for communicating PII when it is necessary? A)Send documents with PII through regular mail and fax as an attached, encrypted file to an email. B)Send reports or documents in the body of an email C)Communicate PII through a phone call D)Upload documents or reports through the Ticket Portal 20

21 Identifying PII Loss Work areaCommunication 21

22 How to Identify PII Loss in Communications An unencrypted email sent with a beneficiary's name, SSN, address, phone number or initials Receiving a request via email with a beneficiary’s name, SSN, address, phone number or the initials of a beneficiary 22

23 How to Identify PII Loss in the Work Area A co-worker left out a document with personal information on an unattended desk. A co-worker moved from their computer that is displaying PII without turning off the monitor or removing the material from the screen. Leaving a document with PII unattended at a printer. 23

24 Progress Check 4 Choose the PII loss scenario from the list below: A)A co-worker sent an email to the Ticket Program Manager (TPM) with an encrypted file B)An email was received from a colleague with a DUNS number C)An IWP was left on a printer in the common area of an office D)A client had a conversation with an Intake Supervisor 24

25 Reporting a PII Loss 25

26 Reporting a PII Loss 1.Notify a supervisor/manager in your chain of command 2.Manager will complete the “SSA Personally Identifiable Information violation form” 3.Manager will email the completed form to the Quality Assurance Coordinator at TPM 4.TPM will then report to SSA 26

27 Proper Communication with PII 27

28 Proper Communication with PII Ticket Portal Fax to TPM: 703.893.4020 Telephone call Encrypted email U.S. mail 28

29 Progress Check 5 Proper communication with PII includes the Ticket Portal, sending a fax to TPM, talking on the phone, or sending a document through the U.S. mail, or sending ___________. A)A private email B)An encrypted attachment C)A disguised email D)A blind copy email 29

30 Questions? 30 If you would like to contact Lisa Whitaker, Quality Assurance Coordinator for the Ticket Program Manager, she can be reached: 703.336.8075 LisaMWhitaker@maximus.com


Download ppt "Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)"

Similar presentations


Ads by Google