Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, 456108 Mon – Thurs 9:15-2:15.


New ICT Policies
- Device Lockdown Policy
- Removable Media and Data Transfer Policy
- Information Exchange Policy

Implementation
- Headteachers Breakfast Briefing – 21st March
- Training session with School staff - Summer term

Device Lockdown Policy
Purpose: This policy will ensure effective management of information and data by setting out the requirements under which it will be accessed, so that the risk of corruption, loss or unauthorised access is minimised.

Device Lockdown Policy
Requirements:
- By default, all computer and device external ports (CD, DVD, USB, etc.) will be disabled.
- Following a Business case and Risk Assessment supported by the evidence, external ports may be enabled.
- PCs and other devices will automatically lock down after 5 minutes of inactivity.
- The appropriate physical and software security measures will be in place to ensure no unauthorised access to any locked down device.

Removable Media and Data Transfer Policy
This policy will ensure the effective management and security of information and data when it is transferred, used and stored on removable media devices. This will minimise the risk of corruption, loss or unauthorised access. The policy also provides evidence that there is a robust framework in place to protect personal and confidential information and data in its possession. This will promote the trust and confidence of individuals, private organisations and public bodies.

Removable media and transfer devices for the purpose of this policy include (not exhaustively):
- Laptop or portable computers
- Hand-held computers (PDAs, iPAQs etc.)
- USB memory sticks
- Recordable discs (CDs, DVDs, floppy disks or diskettes etc.)
- Memory cards
- SIM cards
- Mobile & smart phones
- Digital cameras
- Voice recording devices
- Paper-based records (physical files, photocopies, print-outs etc.)

Removable Media and Data Transfer Policy
The aims of this policy are to ensure that when removable media devices are provided and used:
- Needs of users are accommodated.
- Information and data is protected.
- Personal, third party, privileged, commercially confidential and any other sensitive information and data is protected.
- Unauthorised disclosure of information and data is minimised.
- Integrity of information and data is maintained.
- Unintended consequences to the stability of the computer network are prevented.
- Legislation, policies or good practice requirements are met.
- Confidence and trust are promoted and maintained when information and data are transferred and shared, both internally and externally.

Removable Devices and Data Transfer Policy
- Data must always be created, maintained and stored in source systems or databases.
- Removable media devices must only be used to store or transfer data that already exists within such systems or databases. They must not be the only place that information and data is stored.
- All removable media must be transferred and stored in an appropriately secure and safe environment that avoids physical risk, loss or corruption.
- Privately owned storage media or other equipment must not be connected to hardware or to the network. Nor must privately owned removable media devices be used to store or process information and data of any kind.

Removable Media and Data Transfer Policy
- Whilst in transit or storage, information and data must be given appropriate security according to its sensitivity.
- Encryption must be applied to information and data transferred via or held on removable media devices unless there is no risk to the Council, other organisations or individuals from the data being lost whilst in transit or storage; i.e. the data is not personal, sensitive or confidential and would be potentially available to the public under freedom of information or environmental information legislation.

Removable Media and Data Transfer Policy
- All unneeded or end-of-life removable media must be returned for secure data removal before re-allocation or disposal, in accordance with the Council’s ICT Asset Recycling Policy.
- If aspects of this policy interfere with a valid business requirement, an application should be made for consideration.

Information Exchange Policy
This policy will ensure effective management of information and data by setting out the requirements under which it will be accessed, so that the risk of corruption, loss or unauthorised access is minimised.

Information Exchange Policy
Information Storage:
- All electronic information will be stored on centralised facilities to allow regular backups to take place.
- Information will not be held that breaches the Data Protection Act (1998) or formal notification and guidance issued.
- Staff should not be allowed to access information until line managers are satisfied that they understand and agree the legislated responsibilities for the information that they will be handling.
- Databases holding personal information will have a defined security and system management policy for the records and documentation.
- Files which are listed as a potential security risk should not be stored on the network, except for in designated application storage areas.

Information Exchange Policy
Disclosure of information:
- The disclosure of personal information to other than authorised personnel is forbidden.
- Sensitive documents are not to be left unattended and when not in use shall be locked away.
- Computer and paper information are to be accessible to authorised persons and individual staff are not to be the sole custodians of any data or information.
- Disposal methods for waste computer printed output and other documentation are according to the sensitivity of the material.

Information Exchange Policy
Sharing of Personal Records:
- Information relating to individuals should not be shared without following agreed protocols.
- In the absence of local protocols, staff are to contact their line manager for advice before the release of any information.
- Staff should be aware of their responsibilities to be able to justify the sharing of information and to be able to maintain security when transferring information in person, by email, by fax, phone or post.

Next steps
- Allocate time for a training session
- Think about any particular issues to be discussed
- Implement School policies

Any Questions