Update on Privacy Issues at USU October 10, 2013.


1 Update on Privacy Issues at USU October 10, 2013

2 USU Privacy Breaches
- 5 breaches have already occurred in 2013 – more than in previous years.
- Breaches in the last 2 years could have affected over 21,100 individuals’ personal identification information and/or personal health information.

3 Washington Post Report
- Largest data breach in Federal Government history led to loss of 26.5 million veterans’ data

4 Recent USU Privacy Breaches
- PII & PHI located on personal computer and sent in unencrypted email
- PII on an unencrypted external hard drive not issued by the university or government
- Email with PII sent to unintended recipients
- PII sent via an open distribution list
- Shared documents with PII using Google Apps
- Stolen laptop from car with unencrypted PHI and PII
- Stolen research laptop from home
- PII uploaded to a publicly accessible server

5 PII Definition – DoD 5411.11-R
Personally Identifiable Information – Information about an individual that identifies, links, relates, or is unique to, or describes him or her and is linked or linkable to a specified individual.
- Social Security Number
- Date of Birth
- Passport Number
- Financial account number
- Biometric Identifiers
- Mother’s maiden name
- Birthplace
- Credit card number
- Home Address/Phone/Cell
- Protected Health Information (PHI)
- Full Name
- Genetic information
- Other personal information

6 Consequences of Potential Breach
- Update OSD until resolution
- OSD/WHS Notification within 24 hours
- U.S. CERT* notification within 1 hour
- Notification of USU Privacy Office
- Incident
*US Computer Emergency Readiness Team

7 Consequences of a Breach
- Having individual certified registered letters sent to every potentially affected individual.
- Providing year-long credit monitoring through a 3rd party.
  Example: monitoring credit costs ~$10 / person / year. A PII breach consisting of 3,000 research participants would cost the responsible department at least $30,000 / year.
- Potentially incurring a fine for violation of the Privacy Act (personnel and/or agency).

8 Pop Quiz
1. What is the length of time from discovery of loss or suspected loss of PII that a Command or Unit must submit a report to U.S. Computer Emergency Readiness Team (CERT)?
a. One hour
b. Within 24 hours
c. Two business days
d. Up to one week

9 Pop Quiz
2. Among the list below, what is the number one cause for USU PII/PHI breaches?
a. Insider threat
b. Computer hackers
c. Human error
d. Phishing

10 Pop Quiz
3. Which of the following methods are safe for sending PII/PHI?
a. Personal email
b. USU.edu Google Mail
c. Encrypted email
d. .mil email
e. All of the above
f. None of the above

11 Suggestions on the Way Ahead
- Require online Privacy Training and annual refresher training
- Create a University-wide centralized tracking system
- Any other or better suggestions?

