Data Access and Data Sharing KDE Employee Training Data Security Video Series 2 of 3 October 2014.


1 Data Access and Data Sharing KDE Employee Training Data Security Video Series 2 of 3 October 2014

2 Who has access to confidential data?
- Most KDE employees have access to some confidential data. Can include:
  - Personnel data, even if it's just your own.
  - Student information
  - School/district personnel information
  - Financial information
  - Confidential documents (ex: draft RFPs, legal documents, etc.)
  - Other: may be subject to open records but not necessarily something that needs to be readily available.

3 Personally Identifiable Data (PII)
- Access to PII must be approved by Manager, Director, Associate, depending on level of access. "NEED TO KNOW"
- All employees sign Affidavit of Non-Disclosure as part of their Human Resource paperwork.
- Agree to:
  - Not permit access to confidential data to unauthorized persons.
  - Maintain confidentiality of data.
  - Not reveal information for purposes other than statistical purposes authorized by KDE.
  - Report any instances of missing data, data inappropriately used, or taken off-site.
Especially keep this last part in mind if you have a virtual work agreement.

4 Personally Identifiable Data (PII)
- Affidavit of Non-Disclosure also indicates employee understands that:
  - Unauthorized disclosure of confidential information is governed by FERPA and penalty for unlawful disclosure can result in fine and imprisonment.
  - Personal characteristics that could lead to membership in a group, such as ethnicity or program area, are protected.
  - Data sets or output reports generated using confidential data are to be protected and not distributed to unauthorized parties.
  - Responsible for access using user ID/password. DON'T SHARE.
Affidavit of Non-Disclosure to become annual requirement for those with system access.

5 Access of PII
- Keep user ID and password secure.
- Create a strong password.
- Don't leave computer on and accessible when away.
- Use VPN when wireless connection is unsecured.
- Don't print reports with PII unless absolutely necessary.
- Shred documents that include PII when finished.
- Periodically review saved files to purge those no longer needed.

6 Using PII
- Do not include PII in emails:
  - If PII is received in email, remove it before responding; delete original email.
  - Use SSID without other identifiable information.
  - If PII must be shared, data must be encrypted. Request a secure email account. KDE provides this through MOVE IT.
- Ensure documents created do not include identifiable data on screen shots (examples: PowerPoint presentations, training documents).
  - Remove identifiable information or create dummy records that are clearly not real people.
- Verify documents you receive don't include PII before forwarding/sharing.

7 Storing PII
- Personally identifiable data should not be saved on SharePoint, One-Drive, local hard drives, flash/thumb/jump drives or other external portable storage devices.
- Access limited to those with "Need to Know".
- Analyze needs for storage of PII and request access to FILP1 for storing data.
- Work through data governance member to communicate Office needs for data storage.
- Clean out old files to ensure PII is not being stored inappropriately.

8 PII Requests
- Requests for PII must go through Enterprise Data. On-line data request form on KDE website; access through the Researchers link.
- Enterprise Data responsible for ensuring:
  - Release allowable under FERPA exceptions.
  - Memorandum of Understanding in place before any data is shared.
  - Data is shared securely.
  - Record of data release is maintained.
- Contracts that necessitate release of data require same provisions.

9 PII Best Practices
- Avoid sharing PII if at all possible.
- Discourage districts from sharing PII.
- When necessary, share only through secure email (MoveIt) or Secure FTP.
- Store data securely:
  - Password protect files.
  - Store on FILP1, not on hard drive, external devices, One-Drive or SharePoint.
- Redact or suppress aggregate level files.
- Purge old files or documents that contain PII.
- Contact Office Data Policy Member for guidance on best practices or Enterprise Data division.

