Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Published byJanis Moore Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy."— Presentation transcript:

1 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy and Security Incident? Click on the statements and find out which ones are privacy and security incidents Privacy and security incident types based on CPROC 50.1 privacy.merck.com

2 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. What is a privacy and security incident? Before starting the test, take a look at the definitions: When we talk about “Personal Information”, we mean any information that could be used to identify, locate or contact an individual. A “Privacy Incident” is a violation of any one of the Privacy and Data Protection Principles set forth in Corporate Policy 50, or a privacy or data protection Law (this may include a Security Incident). A “Security Incident” means access to Personal Information which leads to loss, misuse and unauthorized disclosure, alteration and/or destruction of personal data. Privacy and security incident types based on CPROC 50.1 privacy.merck.com Starting the test

3 1 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Violation of Merck privacy and data protection principles Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them. Lock up filing cabinets and all areas that store personal information. An employee improperly collects and broadly distributes sensitive or confidential employee HR data. Next incident

4 1 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them. Lock up filing cabinets and all areas that store personal information. An employee improperly collects and broadly distributes sensitive or confidential employee HR data. Next incident 1 Violation of Merck privacy and data protection principles It is a privacy and security incident Click here to continue Give proper notice & Respect customer choices

5 1 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them. Lock up filing cabinets and all areas that store personal information. An employee improperly collects and broadly distributes sensitive or confidential employee HR data. Next incident 1 Violation of Merck privacy and data protection principles This is not an incident. It is an adequate security measure Click here to continue

6 1 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them. Lock up filing cabinets and all areas that store personal information. An employee improperly collects and broadly distributes sensitive or confidential employee HR data. Next incident 1 Violation of Merck privacy and data protection principles It is a privacy and security incident Click here to continue Limit what you collect & share

7 2 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Unauthorized internal access or disclosure (When we disclosure personal information in unnecessary or inappropriate manner) The location of the default printer for your computer was changed, now documents containing personal data are printing out in the wrong office. When a division wants to make an internal communication informing about the number of people attending an internal celebration. Creating an internal company report that has names or other sensitive personal information about employees when it is not needed. Next incident

8 2 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. The location of the default printer for your computer was changed, now documents containing personal data are printing out in the wrong office. When a division wants to make an internal communication informing about the number of people attending an internal celebration. Creating an internal company report that has names or other sensitive personal information about employees when it is not needed. Next incident 2 Unauthorized internal access or disclosure (When we disclosure personal information in unnecessary or inappropriate manner) This is a privacy & security incident Click here to continue Use non-identifiable data wherever possible

9 2 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. The location of the default printer for your computer was changed, now documents containing personal data are printing out in the wrong office. When a division wants to make an internal communication informing about the number of people attending an internal celebration. Creating an internal company report that has names or other sensitive personal information about employees when it is not needed. Next incident Unauthorized internal access or disclosure (When we disclosure personal information in unnecessary or inappropriate manner) This is not an incident Click here to continue To provide information about the number of people attending an event is non- identifiable personal information

10 2 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. The location of the default printer for your computer was changed, now documents containing personal data are printing out in the wrong office. When a division wants to make an internal communication informing about the number of people attending an internal celebration. Creating an internal company report that has names or other sensitive personal information about employees when it is not needed. Next incident 2 Unauthorized internal access or disclosure (When we disclosure personal information in unnecessary or inappropriate manner) Click here to continue Keep personal data safe & safely destroy it This is a privacy & security incident

11 3 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Loss or theft of storage device or paper records Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices. Keeping personal information password – protected. Keeping payments to health care provider records on paper accessible to unauthorized individuals. Next incident

12 3 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices. Keeping personal information password – protected. Keeping payments to health care provider records on paper accessible to unauthorized individuals. Next incident Loss or theft of storage device or paper records Click here to continue Lock, encrypt, protect your devices This is a privacy & security incident

13 3 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices. Keeping personal information password – protected. Keeping payments to health care provider records on paper accessible to unauthorized individuals. Next incident Loss or theft of storage device or paper records This is an adequate security measure Click here to continue

14 3 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices. Keeping personal information password – protected. Keeping payments to health care provider records on paper accessible to unauthorized individuals. Next incident Loss or theft of storage device or paper records Click here to continue Please be mindful to keep sensitive paper records in a safe place This is a privacy & security incident

15 4 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Inadvertent disclosure of personal information to an unauthorized person by mistake or accident Purchasing contact details and personal email of potential clients from a vendor confirming the vendor has permission to share that data with Merck. Inadvertently sending an email with an attachment that includes sensitive personal information to the wrong internal email distribution list. A system failure causes the mailing of payment letters to the wrong physicians. Next incident

16 4 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Purchasing contact details and personal email of potential clients from a vendor confirming the vendor has permission to share that data with Merck. Inadvertently sending an email with an attachment that includes sensitive personal information to the wrong internal email distribution list. A system failure causes the mailing of payment letters to the wrong physicians. Next incident Inadvertent disclosure of personal information to an unauthorized person by mistake or accident This is an adequate privacy measure Click here to continue

17 4 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Purchasing contact details and personal email of potential clients from a vendor confirming the vendor has permission to share that data with Merck. Inadvertently sending an email with an attachment that includes sensitive personal information to the wrong internal email distribution list. A system failure causes the mailing of payment letters to the wrong physicians. Next incident Inadvertent disclosure of personal information to an unauthorized person by mistake or accident Click here to continue Verify that requesters are authorized to access the data This is a privacy & security incident

18 4 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Purchasing contact details and personal email of potential clients from a vendor confirming the vendor has permission to share that data with Merck. Inadvertently sending an email with an attachment that includes sensitive personal information to the wrong internal email distribution list. A system failure causes the mailing of payment letters to the wrong physicians. Next incident Inadvertent disclosure of personal information to an unauthorized person by mistake or accident Click here to continue Protect your devices and follow Information Risk management policies This is a privacy & security incident

19 5 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. An unauthorized outside access When traveling or working from home we make sure we use a secure Merck network. Cyberattacks by criminals trying to access Merck information. A personal friend of an employee gains access to the Merck network by looking over the friends shoulder and memorizing the employees login credentials. Next

20 5 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Next When traveling or working from home we make sure we use a secure Merck network. Cyberattacks by criminals trying to access Merck information. A personal friend of an employee gains access to the Merck network by looking over the friends shoulder and memorizing the employees login credentials. An unauthorized outside access This is an adequate security measure Click here to continue

21 5 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Next When traveling or working from home we make sure we use a secure Merck network. Cyberattacks by criminals trying to access Merck information. A personal friend of an employee gains access to the Merck network by looking over the friends shoulder and memorizing the employees login credentials. An unauthorized outside access Click here to continue Protect your information and devices This is a privacy & security incident

22 5 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Next When traveling or working from home we make sure we use a secure Merck network. Cyberattacks by criminals trying to access Merck information. A personal friend of an employee gains access to the Merck network by looking over the friends shoulder and memorizing the employees login credentials. An unauthorized outside access Click here to continue Limit the access to personal data and keep it safe This is a privacy & security incident

23 Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. Return Test Privacy and security incident types based on CPROC 50.1 privacy.merck.com Report all known and suspected privacy and security incidents and other concerns to the MPO and/or your Compliance Officer

Download ppt "Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?

BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Information Governance

Information Governance
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

Similar presentations

Ads by Google