Published by Janis Moore. Modified over 9 years ago.
In practice, how do we recognize a potential Privacy and Security Incident?

Click on the statements and find out which ones are privacy and security incidents.

Privacy and security incident types based on CPROC 50.1 (privacy.merck.com)

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved.
What is a privacy and security incident?

Before starting the test, take a look at the definitions:

When we talk about “Personal Information”, we mean any information that could be used to identify, locate or contact an individual.

A “Privacy Incident” is a violation of any one of the Privacy and Data Protection Principles set forth in Corporate Policy 50, or a privacy or data protection Law (this may include a Security Incident).

A “Security Incident” means access to Personal Information which leads to loss, misuse and unauthorized disclosure, alteration and/or destruction of personal data.
1. Violation of Merck privacy and data protection principles

Statements:
Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them.
Lock up filing cabinets and all areas that store personal information.
An employee improperly collects and broadly distributes sensitive or confidential employee HR data.

Answer slides:
It is a privacy and security incident. Give proper notice & respect customer choices.
This is not an incident. It is an adequate security measure.
It is a privacy and security incident. Limit what you collect & share.
2. Unauthorized internal access or disclosure (when we disclose personal information in an unnecessary or inappropriate manner)

Statements:
The location of the default printer for your computer was changed; now documents containing personal data are printing out in the wrong office.
When a division wants to make an internal communication informing about the number of people attending an internal celebration.
Creating an internal company report that has names or other sensitive personal information about employees when it is not needed.

Answer slides:
This is a privacy & security incident. Use non-identifiable data wherever possible.
This is not an incident. To provide information about the number of people attending an event is non-identifiable personal information.
This is a privacy & security incident. Keep personal data safe & safely destroy it.
3. Loss or theft of storage device or paper records

Statements:
Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices.
Keeping personal information password-protected.
Keeping payments to health care provider records on paper accessible to unauthorized individuals.

Answer slides:
This is a privacy & security incident. Lock, encrypt, protect your devices.
This is an adequate security measure.
This is a privacy & security incident. Please be mindful to keep sensitive paper records in a safe place.
4. Inadvertent disclosure of personal information to an unauthorized person by mistake or accident

Statements:
Purchasing contact details and personal email of potential clients from a vendor confirming the vendor has permission to share that data with Merck.
Inadvertently sending an email with an attachment that includes sensitive personal information to the wrong internal email distribution list.
A system failure causes the mailing of payment letters to the wrong physicians.

Answer slides:
This is an adequate privacy measure.
This is a privacy & security incident. Verify that requesters are authorized to access the data.
This is a privacy & security incident. Protect your devices and follow Information Risk management policies.
5. An unauthorized outside access

Statements:
When traveling or working from home we make sure we use a secure Merck network.
Cyberattacks by criminals trying to access Merck information.
A personal friend of an employee gains access to the Merck network by looking over the friend's shoulder and memorizing the employee's login credentials.

Answer slides:
This is an adequate security measure.
This is a privacy & security incident. Protect your information and devices.
This is a privacy & security incident. Limit the access to personal data and keep it safe.
Report all known and suspected privacy and security incidents and other concerns to the MPO and/or your Compliance Officer.