POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION, NOVEMBER 5TH 2015

Presentation transcript:

POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION, NOVEMBER 5TH 2015

- Participants will understand the updated 2015 NYS Migrant Education Policies & Procedures for handling confidential information
- Participants will be able to employ the tools demonstrated in this presentation to better enhance the security of their workplace
- At the end of the presentation, participants will be able to pass the “Training of Trainers” certification exam with a score of 90% or better

Definitions and examples

According to the GAO, Personally Identifiable Information is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”

- Any sort of name (first, last, maiden, mother’s maiden, alias, etc.)
- Government ID numbers such as SSN, driver’s license, passport
- Status information such as address, employment status, education status
- Telephone numbers (cell, home, business, etc.)
- Any additional information that can be linked to the information above (DOB, place of birth, etc.)

Why should we protect Personally Identifiable Information?

The Family Educational Rights and Privacy Act (FERPA)

- Protects against the disclosure of Personally Identifiable Information and educational records of students
- Governs who has access to this data

- School officials with legitimate educational interest
- Other schools to which a student is transferring
- Specified officials for audit or evaluation purposes
- Appropriate parties in connection with financial aid to a student
- Organizations conducting certain studies for, or on behalf of, the school
- Accrediting organizations
- To comply with a judicial order or lawfully issued subpoena
- Appropriate officials in cases of health and safety emergencies
- State and local authorities within a juvenile justice system pursuant to specific state law

- This important and commonly used document contains a considerable amount of PII
- Information from the COE, the databases associated with it (such as MSIX and MIS2000), and related documents is private!
- Only access the data necessary to perform your job duties
- Only for official purposes related to providing services

Protocols and responsibilities to protect sensitive information

- Ensure only authorized employees have access to private information
- Tie actions taken to a specific user
- Ensure employees have access only to the information required by their position
- Ensure NYS Migrant Education information is not released without consent

- Protect your logon credentials to your workstation, databases that you have access to, your accounts, etc.
- Never share your account passwords with anyone else. You are responsible for all actions taken with your credentials
- Staff should create STRONG passwords that use a combination of uppercase letters, lowercase letters, numbers, and symbols
- Passwords should be updated regularly

- Physical documents containing PII should be kept in an area accessible only to staff that can be locked during non-business hours
- Computers should be locked with [Windows] + [L] or logged off whenever they are unattended
- Digital media containing migrant family information should be encrypted with appropriate software
- Proper destruction methods should be observed when disposing of physical or electronic media that contains this information

Incidents, Social Engineering Attempts, Emails, Breaches

- An incident is when you suspect or can confirm that migrant family information is at risk of being shared with an unauthorized party
- Can be a simple mistake, such as sending an email with PII to the wrong recipient
- Can be the result of a computer virus infection
- Can be more malicious, such as an unauthorized party obtaining your credentials to databases
- Better safe than sorry: report any warning signs

- Be aware of individuals around you who can see your keyboard as you type in passwords
- Be aware of social engineering and scams. These include phony calls from help desks claiming to offer support for a problem you were not aware of, or suspicious emails asking you to click a link and enter your credentials

- Attachments should be scanned with antivirus software, and suspicious attachments should not be downloaded
- PII should NEVER be put in the body of an email, and should instead be sent as an encrypted attachment using appropriate encryption software
- Passwords to encrypted documents must be sent through alternative means outside of the email
- Only refer to a migrant student or individual with a Unique ID number that is assigned to them, such as those assigned by MSIX or MIS2000
- Include a confidentiality notice at the bottom of emails containing such attachments or information

Microsoft Office & 7-zip

A breach is unauthorized access to information or a database with the intent to compromise the system

Step 1: Contain the breach
Step 2: Contact immediate supervisor
Step 3: Contact the ID&R / MIS2000 director
Step 4: Document the breach

On many occasions, the ID&R / MIS2000 Director might request that you participate in a detailed evaluation of the events leading to the breach for official records, prevention, and other uses.

THANK YOU FOR ATTENDING!