Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services.

Presentation transcript:

Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services Enterprise Security Office

Tools and Templates
Safeguard Best Practices Checklist: Administrative
1.1 Appoint one or more employees to coordinate the security program
2.1 Establish formal, written security policies
3.1 Establish standard operating procedures
4.1 Conduct ongoing security risk assessments

Tools and Templates
Safeguard Best Practices Checklist: Technical
1.1 Control access to information that resides on data storage devices such as servers, desktop PCs, laptops and PDAs
3.4 Have shutdown controls when computers are idle or inactive
6.4 Change all vendor-supplied default passwords

Tools and Templates
Safeguard Best Practices Checklist: Physical
2.1 Establish physical access controls
3.1 Install secure checkpoint review and monitoring procedures
4.1 Secure the facility, including all storage devices and computer equipment

Tools and Templates
Notification Best Practices Checklist: Security Breach
1.3 Establish a process for determining whether notice is legally mandated or otherwise appropriate.
3.5 Develop a list of FAQs and post it on the Agency Web site (see attached Sample).
4.1 Determine who has been affected, and notify each affected individual when possible. Double-check the list of recipients before sending.

Tools and Templates
Best Practices Checklist
Safeguards - oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bestpractices.pdf
Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_bestpractices.pdf

Tools and Templates
Sample Letters
ID Theft Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_letter.pdf
ID Theft Credit Monitoring - oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_letter.pdf
Sample FAQ
Sample Frequently Asked Questions (pdf)

Additional Resources
Federal Trade Commission - a public workshop, “Security in Numbers: SSNs and ID Theft”
December 10 and 11, Washington D.C.
A live webcast will be available
Discuss the various uses of SSNs, the necessity of those uses, alternatives available, the challenges faced in moving away from using SSNs, and how SSNs are obtained and used by identity thieves.

Additional Resources
Oregon Department of Justice - Credit and Identity Theft
Federal Trade Commission – Identity Theft

Thank You