Presentation is loading. Please wait.

Presentation is loading. Please wait.

#ISUCIT.

Published byMarilynn Mitchell Modified over 6 years ago

Similar presentations

Presentation on theme: "#ISUCIT."— Presentation transcript:

1 #ISUCIT

2 Welcome to CIT 2016 Session: Personally Identifiable Information and You Presenters: Seth Pheasant & Jeff Grabb

3 What is Personally Identifiable Information (PII)?
Basics: Information about an individual which allows some other entity to identify the individual. Examples: SSN, Bank Account Number, Etc.

4 History of PII ISU’s History: Transition from SSN to UID Impact: Exposes individuals to an array of criminal exploits. (stalking, stolen identity, etc.)

5 Group Interaction  When does it become PII? John John born 02/14
John Smith born 02/14 John born 02/14/86 John Smith born 02/04/86 SSN

6 An Important Point “A common misconception is that PII only includes data that can be used to directly identify or contact an individual (e.g., name, address), or personal data that is especially sensitive (e.g., Social Security number, bank account number). The OMB and NIST definition of PII is broader. The definition is also dynamic, and can depend on context. Data elements that may not identify an individual directly (e.g., age, height, birth date) may nonetheless constitute PII if those data elements can be combined, with or without additional data, to identify an individual. In other words, if the data are linked or can be linked to the specific individual, it is potentially PII.” (IT Law Wiki)

7 PII Legality Federal Law: None for regulating private entities. California Senate Bill 1386: Focuses on identity theft. Privacy Act of 1974: Regulates government collection of PII.

8 ISU Incidents & Close Calls
COB Incident(s): Open share, lots of data, big issues… Mainframe Display: First web-app for the mainframe – displayed course instructor’s SSN in the clear.

9 Non-ISU Incidents DNC Hack: Likely preformed by a foreign government - disclosed thousands of s and documents. MLB Hack*: Cardinals’ ex-executive had unauthorized access to the Astros’ database.

10 Current Efforts University Policy: deals with overall information security. - Records retention (in progress) Tech Solutions: Risk mitigation solutions following a cross-functionally developed protocol.

11 Questions?

12 #ISUCIT

Download ppt "#ISUCIT."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Office of Health, Safety and Security

Office of Health, Safety and Security
Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.

Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Protecting the Privacy of Family Members in Survey and Pedigree Research Jeffrey R. Botkin, MD, MPH University of Utah.

Protecting the Privacy of Family Members in Survey and Pedigree Research Jeffrey R. Botkin, MD, MPH University of Utah.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology

Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Public Information Online. Timothy WhitneyCaroline Aaron.

Public Information Online. Timothy WhitneyCaroline Aaron.
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV - 2011 NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.

ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
Ten Thing IT Staff Need to Know About Education Records Privacy Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith.

Ten Thing IT Staff Need to Know About Education Records Privacy Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith.
PRIVACY SAFEGUARDS ANNUAL TRAINING FY 2011 previous next Office of Management Privacy, Information and Records Management Services Privacy Safeguards Division.

PRIVACY SAFEGUARDS ANNUAL TRAINING FY 2011 previous next Office of Management Privacy, Information and Records Management Services Privacy Safeguards Division.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.

Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.
Legal Division CSAA Insurance Group, a AAA Insurer Protecting Your Identity: What to Know, What to Do 2015 Risky Business Week.

Legal Division CSAA Insurance Group, a AAA Insurer Protecting Your Identity: What to Know, What to Do 2015 Risky Business Week.

Similar presentations

Ads by Google