Presentation is loading. Please wait.

Presentation is loading. Please wait.

Destroying Confidential and Restricted Information Presentation #3 12/11/2014 This presentation defines confidential and restricted information and gives.

Published byOliver McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Destroying Confidential and Restricted Information Presentation #3 12/11/2014 This presentation defines confidential and restricted information and gives."— Presentation transcript:

1 Destroying Confidential and Restricted Information Presentation #3 12/11/2014 This presentation defines confidential and restricted information and gives examples of data that should be destroyed. 1

2 Stay Tuned! This is the THIRD in a series of presentations to help departments prepare for campus clean-up day. 2

3 February 20 th Collection Locations We will have four collection areas on campus. The shredding trucks will visit each of these locations as follows: The onsite shredding truck will be stationed from 9:00-3:00 in Parking Lot 15 (near Cheadle Hall and North Hall.) The other shredding truck will rove around to the pick-up locations stationed around campus. The schedule for the roving truck is: o 9:00 - 11:00: Parking Lot 11 (near Chemistry and Physical Sciences buildings) o 11:00 – 1:00: Noble Hall Service Lot o 1:00 – 3:00: Thunderdome (East Service Area) 3

4 4 Shredding collected 1:00-3:00 Shredding onsite 9:00-3:00 Shredding collected 9:00-11:00 Shredding collected 11:00-1:00

5 How do I get started? 5

6 IDENTIFY the records you have Records in shared drives should have names that help identify what they are. There may be a list of files for your file cabinets and boxes. CDs and flash drives likely have labels. Determining the people who use the documents can help you identify what the records are and whether they are still in use. 6

7 CHECK the UC Record Retention Schedule The Retention Schedule can be found at: http://recordsretention.ucop.edu/ If you are unsure how to use the retention schedule, you can watch a taped webinar: http://www.ucop.edu/information-technology- services/initiatives/records-retention- management/training-materials.html 7

8 DETERMINE whether the records can be destroyed The retention period has lapsed, and no one uses the records… Destroy or delete the records. Shred sensitive, confidential, or restricted paper records. The retention period has lapsed, but people still use the records… Contact UCSB Record Manager Tessa Mendez about your situation. The retention period has lapsed, but they are part of an ongoing litigation, investigation, PRA request, or audit… Keep the records. 8

9 FREEZE A public records act request; Pending, foreseeable, or ongoing litigation; An investigation; or An ongoing audit pertaining to the records is taking place. Remember- You should NOT destroy a record if there is: This is called a “records freeze.” The records cannot be destroyed under the Record Retention Schedule until these actions have been completed or resolved. 9

10 RMP 2, Appendix B Methods of disposal need to take into account the subject matter or contents of the records. Records containing information if used inappropriately could adversely affect the university, its partners, or the public must not be disposed of casually. Instead such records must be destroyed so that they cannot practicably be reconstructed. 10

11 Intermingled Records In some cases, records requiring destruction may be intermingled with disposable records to such an extent that it is more cost-effective to destroy an entire group of records, rather than picking out just those for which destruction is required. Appendix B 11 RMP 2, Appendix B

12 The next slides will address: Confidential information, Restricted information, Personally identifiable information, Personal information, Protected health information. Records containing these types of information must be destroyed when the retention period has lapsed. 12 What information must be destroyed?

13 Confidential Information Confidential Information: The term “confidential information” applies broadly to information for which unauthorized access or disclosure could result in an adverse effect. To address this risk, some degree of protection or access restriction is warranted. BFB IS-2 Appendix B 13

14 Restricted Information Restricted Information: "Restricted information" is UC's term for the most sensitive confidential information. Restricted information or data is any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage, transit, or deletion. BFB IS-2 14

15 Examples of Restricted Information Personally Identifiable Information (PII) Protected health information (PHI) protected by Federal HIPAA legislation Credit card data regulated by the Payment Card Industry (PCI) Passwords providing access to restricted data or resources Court-ordered settlement agreements requiring non-disclosure Information specifically identified by contract as restricted Other information for which the degree of adverse affect that may result from unauthorized access or disclosure is high. 15

16 Guidelines for Dealing with Restricted Information Restricted information should not be collected or stored unless absolutely necessary. Access to restricted resources should be authorized only as needed to perform assigned duties. Ensure training for all individuals who have been granted access to restricted resources. Delete or redact restricted information when there is no longer a business need for its retention. When deleting restricted information, ensure record contents are rendered irretrievable by shredding or other means. Do you have restricted information in your department? IS-3, Appendix B When destroying restricted information, don't forget about email attachments, screenshots, old or previous versions of files, drafts, archives, copies, backups, CDs/DVDs, old floppies, etc. 16

17 What is “PII”? As used in US privacy law and information security, personally identifiable information (“Pll”) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. For legal purposes, the effective definitions vary on the jurisdiction and the purposes for which the term is being used. 17

18 What is personal information? A term similar to Pll, "personal information" is specifically defined, in a section of the California data breach notification law, S81386:[14]. Here, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: Social security number. Driver's license number or California ldentification Card number. Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. The definition does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. 18

19 What is “PHI”? Protected health information, or “PHI”, is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This may be interpreted broadly to include any part of a patient's medical record or payment history. 19

20 What is “FERPA”? The Family Educational Rights and Privacy Act of 1974, is a federal law regarding the privacy of student records and the obligations of the University, primarily in the areas of release of the records and the access provided to these records. At UCSB, the Registrar is the authoritative office for FERPA information. Refer to the Registrar's website for information about privacy requirements for student records, as well as related resources: https://registrar.sa.ucsb.edu/recinfo.aspx https://registrar.sa.ucsb.edu/recinfo.aspx 20

21 Examples of Other Types of Confidential Information That Should Be Destroyed Home address or home telephone number Personal information protected by anti-discrimination and information privacy laws such as: Ethnicity or Gender Date of birth Citizenship Marital Status Religion or Sexual orientation Certain types of student records Exams, answer keys, and grade books Applicant information in a pending recruitment Information subject to a non-disclosure agreement, including research data, intellectual property (IP), patent information and other proprietary data Academic evaluations and letters of recommendation Some kinds of personnel actions "Pre-decisional" budget projections for a campus department (can also be marked "Draft" or "Not for Distribution") 21

Download ppt "Destroying Confidential and Restricted Information Presentation #3 12/11/2014 This presentation defines confidential and restricted information and gives."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/2015 1.

Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
Introduction to 2014-2015 Gaucho Round-Up 1 Presentation #1 12/1/2014.

Introduction to Gaucho Round-Up 1 Presentation #1 12/1/2014.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of 1974. Is also referred.

FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of Is also referred.
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.
Family Educational Rights & Privacy Act (FERPA) An Overview for University Faculty and Staff.

Family Educational Rights & Privacy Act (FERPA) An Overview for University Faculty and Staff.

Similar presentations

Ads by Google