Privacy and Information Management ICT Guidelines.

Every one of us has a responsibility to safeguard the personal information we deal with on a daily basis.

Access to Personal Information
Under the Education Act, Board employees are granted the right to access an individual’s personal information when that access is directly tied to the needs of the role.

What is Personal Information?
Under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), “personal information” is any recorded information that can identify an individual, such as:
- demographic information such as name, address, phone
- ethnic background
- medical and/or health records
- student achievement
- employment history
- criminal history

What is Consent?
- Under the Education Act, school boards have the authority to collect personal information about students when they register.
- Consent is explicit as parents fill in the information and provide it to the school personally at the time of registration.
- Informed consent is when it is defined for parents why you’re collecting, what you’re collecting, what you will do with it and who you will share it with.
- It’s when the information has to be shared with others that problems can arise. There are some good basic rules to follow, however.

Seven Virtues of Privacy Protection
The Information and Privacy Commissioner of Ontario and the Access and Privacy Office of the Ontario government offer advice for safeguarding personal information:
1. Collect only as much personal information as you need to do your job.
2. Collect information directly from individuals, or for students under 18, directly from their parents or guardians – not from third parties.
3. Explain why you need to collect the information and exactly how it will be used.
4. Get consent from students, or for students under 18, from parents, for the collection, storage and use of personal information.
5. Store personal information securely. Keep hard copies under lock and key, such as in a locked filing cabinet; keep electronic documents on a password-protected computer. A clean desk will help prevent sensitive information being misplaced or stolen.
6. When in doubt, ask for advice from the school principal or the board staff member in charge of privacy. (Ontario law requires every board to have one such contact person.)
7. When you no longer need the personal information to do your job, destroy it by shredding paper documents or securely erasing electronic ones.

How Does it Affect Me?
- Sensitive information is at your fingertips throughout your work day
- In many formats – electronic, hard copy, verbal

Common Daily Practices
- Always lock your laptop or workstation when away from your desk (Windows-L)
- Make sure your screen is not visible to others if displaying personal information (Windows-D will minimize all open windows)
- Put papers or files away securely when not working with them

Common Daily Practices - continued
- Double-check which printer you’re sending to before you hit “ok” and immediately collect sensitive documents
- Dispose of sensitive information in designated shredding bins

Laptops & Other Mobile Devices
- Always encrypt or password protect your USB keys, external drives, etc.
- Never keep your only copy on a USB or other device – make sure to have another copy on a board file share.
- Do not save board information on a personal device. Use a protected USB key and work from that.
- Never auto-forward your FirstClass to a personal device or account.

Laptops & Other Mobile Devices – continued
- Never leave your laptop in a car. Lock it in the trunk before leaving for your destination, if you’re not going straight home or to work.
- Physically lock your laptop up when not in use (cable lock, locked cabinet, etc.)
- Never keep the only copy of a file on the laptop – make sure to have another copy on a board file share or home drive

Laptop and Other Mobile Devices - continued
- If your laptop is lost or stolen, you need to report it immediately to your Principal
- KNOW what is on it
- Don’t load unauthorized or unsupported applications. They can pose a huge risk to privacy of information (e.g. shareware such as LimeWire).

Good Password Management
Passwords are now being synchronized to help you remember. Where you used to have a password for each system, you now have one password to MANY systems, including your HR system. While this is easier for you, it raises the risk of disclosure if you don’t follow the rules:
- Never write your passwords down where they can be viewed by others (sticky notes, labels, etc.)
- Never share your password with anyone else
- Don’t log anyone else onto a computer with your password
- Follow the Administrative Regulations for password management

A Quick Re-cap
- The protection of an individual’s personal information is mandated by law
- Electronic access to significant quantities of personal information has never been so high
- Where we are the stewards, we are all accountable
- Common sense and good practice will go a long way to protect the information in our care