
Safeguarding Sensitive Information



Presentation Transcript


  1. Safeguarding Sensitive Information

  2. Agenda
     • Overview
     • Why are we here?
     • Roles and responsibilities
     • Information Security Guidelines
     • Our Obligation
     • Has This Ever Happened to You?
     • Contract to Safeguard Sensitive Information
     • Wrap-up

  3. Our Obligation: Laws and Regulations
     • Massachusetts data breach law/regulations
     • Definition of personal information
     • Obligation for notification when exposed
     • Data destruction requirements
     • Requirement to have written information security program (WISP)
     • Company policy
     • Privacy and disclosure of information
     • Information policies

  4. Types of Sensitive Information
     • Sensitive regulated information requiring notification
     • Sensitive regulated information not requiring notification
     • Sensitive information

  5. Sensitive Regulated Information Requiring Notification
     Personal Information Requiring Notification
     • Social Security #
     • Credit Card #
     • Financial Account #
     • Driver’s License #
     Notification required if there was a potential for unauthorized use!
     Inform Information Security Team

  6. Sensitive Regulated Information Not Requiring Notification
     • HIPAA (Health Insurance Portability and Accountability Act)
     • Information related to health status, provision of health care, or payment of health care
     • FMLA
     • Information related to Family & Medical Leave Act
     • FERPA
     • Student records
     Inform HR Information Security Team

  7. Sensitive Information
     • Date of birth
     • Home address
     • Salary information
     • Performance/disciplinary information
     • Other?
     Inform HR Information Security Team

  8. Key Take-Aways
     • Massachusetts law and company policy impact how certain sensitive data are handled
     • EVERYONE is responsible for compliance
     • Know what sensitive data you have
     • Develop good computing practices
     • Follow HR Information Security Guidelines
     • Report a potential breach to HR Information Security Team

  9. Key Take-Aways
     • If you can’t protect it – don’t collect it
     • You can’t lose what you don’t have
     • Know what you have
     • You can’t protect what you don’t know you have
