Presentation is loading. Please wait.

Presentation is loading. Please wait.

Critical Data Management Indiana University HR Summit April 24, 2014.

Published byWendy Little Modified over 9 years ago

Similar presentations

Presentation on theme: "Critical Data Management Indiana University HR Summit April 24, 2014."— Presentation transcript:

1 Critical Data Management Indiana University HR Summit April 24, 2014

2 INDIANA UNIVERSITY University Human Resources www.threatgeek.com

3 Classifications of data IU has four classifications of data that define the access, handling, and the proper disposal of data.  Public  University Internal  Limited Access/Restricted  Critical INDIANA UNIVERSITY University Human Resources

4 Data Classified as Public Open access (except CANNOT be used for commercial purposes) Examples of HRMS data classified as Public:  Name  Job Title  Salary/Wages  Work address & phone  Dates of first and last employment INDIANA UNIVERSITY University Human Resources

5 Data Classified as University Internal Accessible by eligible employees in order to conduct university business. Examples of HRMS data classified as University Internal:  University ID (employee ID)  Preferred name  Compensation frequency  IU Job funding account numbers INDIANA UNIVERSITY University Human Resources

6 Data Classified as Limited Access/Restricted Requires high level of protection and specific authorization. Selective access may be granted. Examples of HRMS data classified as Limited Access/Restricted:  Date of birth/Age  Gender  Ethnicity  Home address/home phone  Benefit enrollment information  Payroll information (taxes, deductions, etc.)

7 Data Classified as Critical Requires the very highest level of protection. Specific authorization required. HRMS data classified as Critical:  Social Security Number  Direct deposit bank account numbers

8 INDIANA UNIVERSITY University Human Resources

9 Inappropriate handling of Critical data can result in: Criminal or civil penalties  2 Indiana state laws exist related to unauthorized disclosure of SSN and insecure disposal of personal information Identity theft or personal financial loss Invasion of privacy

10 Unauthorized disclosure of Critical data If at any time you think you may have had an unauthorized disclosure or exposed any Critical information, please immediately:  Call your Support Center or Network Operations Center  Send details to it-incident@iu.edu

11

12 Highlights from: “Protecting Red-Hot Data” Flippy book can be found here: http://protect.iu.edu/cybersecurity/ training/downloads http://protect.iu.edu/cybersecurity/ training/downloads “Staying Safe Online” bookmark: https://protect.iu.edu/sites/default/f iles/StaySafeOnlineBookmark.pdf

13 Safeguarding data Don’t be a phishing scam victim. Reputable organizations will never ask for personal data, account numbers, or passwords via email. Don’t open files from strangers and ensure that files from friends are legitimate. Use strong passphrases: include combos of lower and uppercase letters, numbers, and symbols.

14 Safeguarding data NEVER share passwords or passphrases. ALWAYS log off or lock your workstation when you step away, even for a moment. Use VPN as often as possible when using public Wi-fi. Access HRMS employee data only in the conduct of university business.

15 Safeguarding data Respect the confidentiality and privacy of individuals whose records you may access. Do not access or use any HRMS data for your own personal gain or profit, or the personal gain or profit of others, or to satisfy your personal curiosity. Observe any ethical restrictions that apply to data to which you have access, and abide by applicable laws or policies with respect to access, use, or disclosure of information.

16 Collecting Critical or Limited Access/Restricted data Do not collect it unless absolutely required for business need Utilize university ID instead of SSN where possible If you received the information from another source, DIRECT THE SOURCE not to provide it to you anymore and DISPOSE of it securely

17 Storing Critical or Limited Access/Restricted data Electronic: Always store on secure departmental servers  NEVER store this information on your desktop, PDA, USB drive, or any mobile device unless you have written approval from your unit AND the information is encrypted on the device

18 Storing Critical or Limited Access/Restricted data Paper: Ensure that records are kept in locked file cabinets/storage rooms that are access controlled

19 Sharing Critical or Limited Access/Restricted data Do not disclose except as specifically required by your job responsibilities Reduce risk by providing the minimal amount of information required to meet the business need. Do not provide this data when someone requests it in person, in writing, or by phone unless you have secured approval due to it being required or allowable by law or policy.

20 Sharing Critical or Limited Access/Restricted data Paper:  Hand deliver  Use reliable transport or couriers (Purchasing maintains a list)

21 Sharing Critical or Limited Access/Restricted data Electronic:  Do not send via email unless absolutely required for business need  If required, add the word “Confidential” to the email subject line so the file will be encrypted if it leaves the IU network (Cisco Registered Envelope Service)  To share files, use Slashtmp: https://www.slashtmp.iu.edu https://www.slashtmp.iu.edu

22 Retaining Critical or Limited Access/Restricted data Retain only as long as is required for business or compliance needs

23 Disposing of Critical or Limited Access/Restricted data Paper:  Shred (Purchasing has a list of approved document destruction vendors) Electronic:  Delete files containing “critical” data as soon as business need is fulfilled  If disposing of hard drive, IU policy requires wiping or destroying prior to disposal or transfer outside the university

24 Proper use and handling of university data is EVERY employee’s responsibility!

25 Summary Safeguard university data like it’s your own Collect only what is absolutely required Store securely Share only what is required and use a secure method for sharing Retain only as long as needed Dispose using best practice tools and techniques

26 Remember - don’t be Dave!

27 Questions?

Download ppt "Critical Data Management Indiana University HR Summit April 24, 2014."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996
COMPLYING WITH PRIVACY AND SECURITY REGULATIONS Overview MHC Privacy and Security Committee Revised 1/17/11.

COMPLYING WITH PRIVACY AND SECURITY REGULATIONS Overview MHC Privacy and Security Committee Revised 1/17/11.
Employee Self-Service (ESS). Agenda Introduction 1 Terminology 2 Employee Self-Service Components 3 More Information 4 Questions & Answers 5.

Employee Self-Service (ESS). Agenda Introduction 1 Terminology 2 Employee Self-Service Components 3 More Information 4 Questions & Answers 5.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

Similar presentations

Ads by Google