Presentation is loading. Please wait.

Presentation is loading. Please wait.

POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.

Published byClinton Mitchell Modified over 7 years ago

Similar presentations

Presentation on theme: "POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015."— Presentation transcript:

1 POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015

2 Participants will understand the updated 2015 NYS Migrant Education Policies & Procedures for handling confidential information Participants will be able to employ the tools demonstrated in this presentation to better enhance the security of their workplace At the end of the presentation, participants will be able to pass the “Training of Trainers” certification exam with a score of 90% or better 11/5/20152POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION

3 Definitions and examples 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION3

4 According to the GAO, Personally Identifiable Information is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION4

5 Any sort of name (first, last, maiden, mother’s maiden, alias, etc.) Government ID numbers such as SSN, driver’s license, passport Status information such as address, employment status, education status Telephone numbers (cell, home, business, etc.) Any additional information that can be linked to the information above (DOB, place of birth, etc.) 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION5

6 Why should we protect Personally Identifiable Information? 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION6

7 The Family Educational Rights and Privacy Act (FERPA) 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION7

8 Protects the disclosure of Personally Identifiable Information and educational records of students Governs who has access to this data 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION8

9 Schools officials with legitimate educational interest Other schools to which a student is transferring Specified officials for audit or evaluation purposes Appropriate parties in connection with financial aid to a student Organizations conducting certain studies for, or on behalf of, the school Accrediting organizations To comply with a judicial order or lawfully issued subpoena Appropriate officials in cases of health and safety emergencies State and local authorities within a juvenile justice system pursuant to specific state law 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION9

10 This important and commonly used document contains a considerable amount of PII Information from the COE, the databases associated with it (such as MSIX and MIS200), and related documents is private! Only access the necessary data to perform your job duties Only for official purposes related to providing services 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION10

11 Protocols and responsibilities to protect sensitive information 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION11

12 Ensure only authorized employees have access to private information Tie actions taken to a specific user Ensure only employees have access to the information required by their position Ensure NYS Migrant Education information is not released without consent 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION12

13 Protect your logon credentials to your workstation, databases that you have access to, your email accounts, etc. Never share your account passwords with anyone else. You are responsible for all actions taken with your credentials Staff should create STRONG passwords that use a combination of uppercase letters, lowercase letters, numbers, and symbols Passwords should be updated regularly 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION13

14 Physical documents containing PII should be kept in an area accessible only to staff that can be locked during non-business hours Computers should be locked with [Windows] + [L] or logged off whenever they are unattended Digital media containing migrant family information should be encrypted with appropriate software Proper destruction methods should be observed when disposing of physical or electronic media that contains this information 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION14

15 Incidents, Social Engineering Attempts, Emails, Breaches 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION15

16 An incident is when you suspect or can confirm that migrant family information is at risk of being shared with an unauthorized party Can be a simple mistake, such as sending an email with PII to the wrong recipient Can be the result of a computer virus infection Can be more malicious, such as an unauthorized party obtaining your credentials to databases Better safe than sorry- report any warning signs 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION16

17 Be aware of individuals around you who can see your keyboard as you type in passwords Be aware of social engineering and scams. These include phony calls from help desks claiming to offer support for a problem you were not aware of, or suspicious emails asking you to click a link and enter your credentials 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION17

18 Attachments should be scanned with antivirus software, and suspicious attachments should not be downloaded PII should NEVER be put in the body of an email, and should instead be sent as an encrypted attachment using appropriate encryption software Passwords to encrypted documents must be sent through alternative means outside of the email Only refer to a migrant student or individual with a Unique ID number that is assigned to them, such as those assigned by MSIX or MIS2000 Include confidentiality notice at the bottom of emails containing such attachments or information 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION18

19 Microsoft Office & 7-zip 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION19

20 A breach is unauthorized access to information or a database with the intent to compromise the system Step 1: Contain the breach Step 2: Contact immediate supervisor Step 3: Contact the ID&R / MIS2000 director Step 4: Document the breach In many occasions, the ID&R / MIS2000 Director might request that you participate in a detailed evaluation of the events leading to the breach for official records, prevention, and other uses. 11/5/2015POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION20

21 POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION THANK YOU FOR ATTENDING!

Download ppt "POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015."

Similar presentations

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.
FERPA - Sharing Student Information

FERPA - Sharing Student Information
Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
SPECIAL EDUCATION Professional Development Policy 2419/Medicaid/IEP.

SPECIAL EDUCATION Professional Development Policy 2419/Medicaid/IEP.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
FERPA What You Need to Know as a Wayne State Student Prepared by the Office of the Registrar.

FERPA What You Need to Know as a Wayne State Student Prepared by the Office of the Registrar.
IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.

FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
FERPAFERPA Family Educational Rights and Privacy Act.

FERPAFERPA Family Educational Rights and Privacy Act.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of 1974. Is also referred.

FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of Is also referred.
FERPA The Family Educational Rights and Privacy Act.

FERPA The Family Educational Rights and Privacy Act.

Similar presentations

Ads by Google