© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.


1 © 2003, EDUCAUSE
Information Privacy: Public Policy and Institutional Policies
- Rodney J. Petersen, Policy Analyst, EDUCAUSE; EDUCAUSE/Internet2 Security Task Force Coordinator
- Wendy Wigen, Policy Analyst, EDUCAUSE

2 Information Privacy
- Information ~ data and personally identifiable
  - Collection
  - Storage
  - Use
  - Dissemination
- Privacy ~ loss of freedom
  - Volume of information compiled about individuals without their knowledge
  - Unauthorized access to information in computerized databases
  - Electronic surveillance

3 Cyber Security - Public Policy
- Recent Legislation & Regulations
  - HIPAA – Security Regulations
  - Gramm-Leach-Bliley Act Safeguard Rules
- Proposed Legislation
  - S. 1350 Notification of Risk to Personal Data Act
- Prospects for Future Developments
  - Info Security Governance & Accountability

4 Cyber Security - Implications
- Campus Policy Issues:
  - Designate employee(s) to coordinate
  - Conduct a risk assessment
  - Inventory Assets
  - Identify reasonably foreseeable risks
  - Assess the sufficiency of safeguards in place to control these risks
  - Design and implement safeguards to control the risks you identified through risk assessment
  - Regularly test and monitor the effectiveness of the safeguards
- Procedural Issues:
  - Confidentiality and Nondisclosure
  - Breach notification
  - Logging and monitoring
  - Identification of departmental contacts
  - Blocking network access
  - Incident response
- Education & Awareness:
  - Train Personnel
  - Inform Users of Safeguards
  - Raise Awareness
- 3rd Party Services

5 Identity Theft – Public Policy
- Fair and Accurate Credit Transactions Act – Signed December 4
- Will serve as model for privacy/ID theft
- Incorporates most Identity Theft proposals
  - Prevention: SSN’s Credit Card truncation and red alerts i.e. address change/new card
  - Victim Assistance: rights and education
  - Enforcement: coordination and improved technology

6 Identity Theft - Implications
- Eliminate use of Social Security numbers as primary identifiers
- Identity Management
- Identity Theft Awareness & Resources

7 Privacy Policies – Public Policy
- Legislation & Regulations
  - Family Education Rights & Privacy Act
  - Maryland Data Security & Privacy Policies
  - HIPAA – Security Regulations
- Proposed Legislation
  - Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act
- Prospects for Future Developments
  - Notices that are useful & more readable
  - Balancing “compliance” with “ethical” standards

8 Privacy Policies - Implications
- Complicated in large, decentralized academic institutions
- Collection and Disclosure of Personal Information
- Application to “paper” as well as “electronic” practices
- Training, Oversight, and Advocacy

9 SPAM – Public Policy
- CAN-SPAM Act: signed December 15
- Work in progress: main goals
  - Establish a National Law / work toward an International agreement
  - Target egregious spammers / enable law enforcement
  - Protect legitimate e-marketing / establish standards

10 SPAM - Implications
- Referral of user complaints
  - State Attorney General’s Office
  - Department of Justice
  - Federal Trade Commission
- Institution’s pursuit of damages
- Acceptable Use Policy/Terms of Service
- Use of SPAM Filtering Software

11 USA PATRIOT Act – Public Policy
- SAFE Act (Security and Freedom Ensured) and Protecting the Rights of Individuals Act
- Addresses:
  - Improved oversight of FBI/DoJ
  - Expanded sunset provisions - demand review for renewal
  - Restores pre-PATRIOT standards for search warrants
  - Clarifies delayed notice or “Sneak and Peek” searches
  - Exempts Libraries/booksellers from National Security Authorities (NSL’s)
- Strong counterbalance to DoJ / signals awareness in Congress

12 USA PATRIOT Act – Implications
- Responding to Law Enforcement Requests
- Voluntary Disclosure of Information
- Logging and Monitoring
- Training of Personnel
- Notification to Users

13 For more information:
- EDUCAUSE D.C. Office
- http://www.educause.edu/policy
- (202) 872.4200
- rpetersen@educause.edu
- wwigen@educause.edu

