© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Presentation transcript:

© 2003, EDUCAUSE
Information Privacy: Public Policy and Institutional Policies
Rodney J. Petersen, Policy Analyst, EDUCAUSE; EDUCAUSE/Internet2 Security Task Force Coordinator
Wendy Wigen, Policy Analyst, EDUCAUSE

Information Privacy
- Information ~ data and personally identifiable
  - Collection
  - Storage
  - Use
  - Dissemination
- Privacy ~ loss of freedom
  - Volume of information compiled about individuals without their knowledge
  - Unauthorized access to information in computerized databases
  - Electronic surveillance

Cyber Security - Public Policy
- Recent Legislation & Regulations
  - HIPAA – Security Regulations
  - Gramm-Leach-Bliley Act Safeguard Rules
- Proposed Legislation
  - S Notification of Risk to Personal Data Act
- Prospects for Future Developments
  - Info Security Governance & Accountability

Cyber Security - Implications
- Campus Policy Issues:
  - Designate employee(s) to coordinate
  - Conduct a risk assessment
  - Inventory Assets
  - Identify reasonably foreseeable risks
  - Assess the sufficiency of safeguards in place to control these risks
  - Design and implement safeguards to control the risks you identified through risk assessment
  - Regularly test and monitor the effectiveness of the safeguards
- Procedural Issues:
  - Confidentiality and Nondisclosure
  - Breach notification
  - Logging and monitoring
  - Identification of departmental contacts
  - Blocking network access
  - Incident response
- Education & Awareness:
  - Train Personnel
  - Inform Users of Safeguards
  - Raise Awareness
- 3rd Party Services

Identity Theft – Public Policy
- Fair and Accurate Credit Transactions Act – Signed December 4
  - Will serve as model for privacy/ID theft
  - Incorporates most Identity Theft proposals
- Prevention: SSN's, Credit Card truncation and red alerts, i.e. address change/new card
- Victim Assistance: rights and education
- Enforcement: coordination and improved technology

Identity Theft - Implications
- Eliminate use of Social Security numbers as primary identifiers
- Identity Management
- Identity Theft Awareness & Resources

Privacy Policies – Public Policy
- Legislation & Regulations
  - Family Education Rights & Privacy Act
  - Maryland Data Security & Privacy Policies
  - HIPAA – Security Regulations
- Proposed Legislation
  - Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act
- Prospects for Future Developments
  - Notices that are useful & more readable
  - Balancing “compliance” with “ethical” standards

Privacy Policies - Implications
- Complicated in large, decentralized academic institutions
- Collection and Disclosure of Personal Information
- Application to “paper” as well as “electronic” practices
- Training, Oversight, and Advocacy

SPAM – Public Policy
- CAN-SPAM Act: signed December 15
- Work in progress: main goals
  - Establish a National Law/work toward an International agreement
  - Target egregious spammers/enable law enforcement
  - Protect legitimate e-marketing/establish standards

SPAM - Implications
- Referral of user complaints
  - State Attorney General’s Office
  - Department of Justice
  - Federal Trade Commission
- Institutions’ pursuit of damages
- Acceptable Use Policy/Terms of Service
- Use of SPAM Filtering Software

USA PATRIOT Act – Public Policy
- SAFE Act (Security and Freedom Ensured) and Protecting the Rights of Individuals Act
- Addresses:
  - Improved oversight of FBI/DoJ
  - Expanded sunset provisions-demand review for renewal
  - Restores pre-PATRIOT standards for search warrants
  - Clarifies delayed notice or “Sneak and Peek” searches
  - Exempts Libraries/booksellers from National Security Authorities (NSL’s)
- Strong counterbalance to DoJ/signals awareness in Congress

USA PATRIOT Act – Implications
- Responding to Law Enforcement Requests
- Voluntary Disclosure of Information
- Logging and Monitoring
- Training of Personnel
- Notification to Users

For more information: EDUCAUSE D.C. Office (202)