Published by Clinton Mitchell. Modified over 8 years ago.
POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION
NOVEMBER 5TH 2015
Participants will understand the updated 2015 NYS Migrant Education Policies & Procedures for handling confidential information
Participants will be able to employ the tools demonstrated in this presentation to enhance the security of their workplace
At the end of the presentation, participants will be able to pass the “Training of Trainers” certification exam with a score of 90% or better
Definitions and examples
According to the GAO, Personally Identifiable Information is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
Any sort of name (first, last, maiden, mother’s maiden, alias, etc.)
Government ID numbers such as SSN, driver’s license, passport
Status information such as address, employment status, education status
Telephone numbers (cell, home, business, etc.)
Any additional information that can be linked to the information above (DOB, place of birth, etc.)
Why should we protect Personally Identifiable Information?
The Family Educational Rights and Privacy Act (FERPA)
Protects Personally Identifiable Information and educational records of students from disclosure
Governs who has access to this data
School officials with legitimate educational interest
Other schools to which a student is transferring
Specified officials for audit or evaluation purposes
Appropriate parties in connection with financial aid to a student
Organizations conducting certain studies for, or on behalf of, the school
Accrediting organizations
To comply with a judicial order or lawfully issued subpoena
Appropriate officials in cases of health and safety emergencies
State and local authorities within a juvenile justice system pursuant to specific state law
This important and commonly used document contains a considerable amount of PII
Information from the COE, the databases associated with it (such as MSIX and MIS2000), and related documents is private!
Only access the necessary data to perform your job duties
Only for official purposes related to providing services
Protocols and responsibilities to protect sensitive information
Ensure only authorized employees have access to private information
Tie actions taken to a specific user
Ensure employees have access only to the information required by their position
Ensure NYS Migrant Education information is not released without consent
Protect your logon credentials to your workstation, databases that you have access to, your email accounts, etc.
Never share your account passwords with anyone else. You are responsible for all actions taken with your credentials
Staff should create STRONG passwords that use a combination of uppercase letters, lowercase letters, numbers, and symbols
Passwords should be updated regularly
Physical documents containing PII should be kept in an area accessible only to staff that can be locked during non-business hours
Computers should be locked with [Windows] + [L] or logged off whenever they are unattended
Digital media containing migrant family information should be encrypted with appropriate software
Proper destruction methods should be observed when disposing of physical or electronic media that contains this information
Incidents, Social Engineering Attempts, Emails, Breaches
An incident is when you suspect or can confirm that migrant family information is at risk of being shared with an unauthorized party
Can be a simple mistake, such as sending an email with PII to the wrong recipient
Can be the result of a computer virus infection
Can be more malicious, such as an unauthorized party obtaining your credentials to databases
Better safe than sorry: report any warning signs
Be aware of individuals around you who can see your keyboard as you type in passwords
Be aware of social engineering and scams. These include phony calls from help desks claiming to offer support for a problem you were not aware of, or suspicious emails asking you to click a link and enter your credentials
Attachments should be scanned with antivirus software, and suspicious attachments should not be downloaded
PII should NEVER be put in the body of an email, and should instead be sent as an encrypted attachment using appropriate encryption software
Passwords to encrypted documents must be sent through alternative means outside of the email
Only refer to a migrant student or individual with a Unique ID number that is assigned to them, such as those assigned by MSIX or MIS2000
Include a confidentiality notice at the bottom of emails containing such attachments or information
Microsoft Office & 7-zip
A breach is unauthorized access to information or a database with the intent to compromise the system
Step 1: Contain the breach
Step 2: Contact immediate supervisor
Step 3: Contact the ID&R / MIS2000 director
Step 4: Document the breach
On many occasions, the ID&R / MIS2000 Director might request that you participate in a detailed evaluation of the events leading to the breach for official records, prevention, and other uses.
THANK YOU FOR ATTENDING!