This draft outlines essential practices for maintaining data confidentiality within the organization. It covers the classification of confidential data, including sensitive and restricted information, and defines the roles and responsibilities of administrators, faculty, students, and staff. The document emphasizes the importance of compliance with regulations such as HIPAA and FERPA, outlines security awareness topics, and addresses penalties for misuse. It also provides checklists for ensuring compliance, training programs, and incident response procedures necessary for safeguarding sensitive data against breaches.
KeepItConfidential
This is a draft
Prepared by: Security Architecture Collaboration Team
Data Confidentiality
• What data is considered confidential?
• Data Classification
  • Public
    • Campus maps
  • Sensitive
    • Contractual obligation to protect
    • Right to Know
  • Restricted
    • Required by law
      • HIPAA
      • FERPA
Data Confidentiality
• Remember the 3 R's
  • Roles
  • Rules
  • Responsibility
Roles
• System Administrator/Technical
• Management
• Faculty
• Student
• Staff
Rules
• PASSHE Policy
• Employment Contract
• Confidentiality Policy
• Risk Assessment
Responsibility
• Everyone
Responsibility
• Individual accountability
• System Administrators and Managers
  • Responsible for safeguarding confidential data
  • Responsible for compliance
  • Responsible for persons under their supervision
• Faculty
  • Responsible for confidential data to which they have access
    • Bio/Demo data (including DOB and SSN)
    • Student grades and historical data
• Students
  • Responsible for managing their own confidential data
    • Log out of sessions
    • Do not share passwords
• Staff
  • Responsible for confidential data to which they have access
    • Bio/Demo data (including DOB and SSN)
    • Student grades and historical data
    • Salary information
User Security Awareness
• Topics
  • Password use and management
  • Virus protection
  • Phishing/Spam
  • Laptop/Handheld devices
  • Access privileges
  • Data backup and storage
  • Incident response
Security Breaches
• Follow designated policies and procedures
Misuse Penalties
• Civil and criminal
• Conflict of interest
• Disciplinary action
Checklist
• Policies and procedures are in place
• Data submissions are fully protected
  • Data encryption
  • Data transfer agreement
• Penalties for misuse are in writing and are enforced
• Access to data is restricted based on University role
  • Electronic
  • Data storage areas
• Employees sign and understand a confidentiality agreement
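The checklist item "access to data is restricted based on University role" is the one that needs a technical control behind it, not just a policy statement. The Python sketch below is an added illustration, not code from the original deck or from PASSHE: it enforces field-level access by role over the data items the deck names (Bio/Demo data including DOB and SSN, student grades, salary), fails closed for unknown roles and unclassified fields, partially masks DOB and SSN for anyone other than the data subject, and writes an audit line for every decision. The role names, field names, classification table and the sample record are assumptions chosen for the example.

```python
"""Role-based, field-level access to confidential records.

Added illustration; not code from the original deck or from PASSHE.
The roles, field names, classifications and sample record below are
assumptions chosen to mirror the deck's examples (Bio/Demo data incl.
DOB and SSN, student grades, salary).
"""
from enum import Enum
import re


class DataClass(Enum):
    PUBLIC = "public"          # e.g. campus maps, directory data
    SENSITIVE = "sensitive"    # contractual obligation to protect
    RESTRICTED = "restricted"  # required by law (HIPAA, FERPA)


# Classification of each field we know about (assumption, for illustration).
FIELD_CLASS = {
    "name": DataClass.PUBLIC,
    "campus_email": DataClass.PUBLIC,
    "dob": DataClass.RESTRICTED,
    "ssn": DataClass.RESTRICTED,
    "grades": DataClass.RESTRICTED,
    "salary": DataClass.SENSITIVE,
}

# Fields each University role may read (assumption: illustrative, not policy).
ROLE_FIELDS = {
    "student": {"name", "campus_email", "dob", "ssn", "grades"},  # own record only
    "faculty": {"name", "campus_email", "grades"},
    "staff": {"name", "campus_email", "dob", "grades", "salary"},
    "sysadmin": {"name", "campus_email"},  # administers systems, not the data
    "public": {"name", "campus_email"},
}

# Fields shown only partially to anyone other than the data subject.
MASKED_FOR_OTHERS = {"ssn", "dob"}


def mask(field_name: str, value: str) -> str:
    """Partial masking for restricted identifiers."""
    if field_name == "ssn":
        digits = re.sub(r"\D", "", value)
        return "***-**-" + digits[-4:]
    if field_name == "dob":  # keep the year only (ISO date assumed)
        return value[:4] + "-**-**"
    return value


def view_record(record: dict, role: str, requester_id: str, audit: list) -> dict:
    """Return the subset of `record` that `role` may see, masked where needed.

    Fails closed: unknown roles and unclassified fields are never released.
    Every decision is appended to `audit` so access can be reviewed later.
    """
    subject = record["subject_id"]
    if role not in ROLE_FIELDS:
        audit.append(f"DENY role={role!r} requester={requester_id} subject={subject}: unknown role")
        raise PermissionError(f"unknown role {role!r}")
    if role == "student" and requester_id != subject:
        audit.append(f"DENY role=student requester={requester_id} subject={subject}: not own record")
        raise PermissionError("students may only view their own record")

    is_self = requester_id == subject
    released, withheld = {}, []
    for name, value in record.items():
        if name == "subject_id":
            continue
        if name in FIELD_CLASS and name in ROLE_FIELDS[role]:
            released[name] = value if (is_self or name not in MASKED_FOR_OTHERS) else mask(name, value)
        else:
            withheld.append(name)  # unclassified, or not permitted for this role
    audit.append(
        f"ALLOW role={role} requester={requester_id} subject={subject} "
        f"released={sorted(released)} withheld={sorted(withheld)}"
    )
    return released


# Constructed sample record (fictitious values, not real data).
SAMPLE = {
    "subject_id": "s1001",
    "name": "Pat Example",
    "campus_email": "pat@example.edu",
    "dob": "1999-03-14",
    "ssn": "123-45-6789",
    "grades": {"CS101": "A", "MATH201": "B+"},
    "salary": "24000",
    "biometric_hash": "deadbeef",  # deliberately unclassified: must never be released
}

if __name__ == "__main__":
    log = []
    print(view_record(SAMPLE, "faculty", "f42", log))
    print(view_record(SAMPLE, "staff", "e7", log))
    print(view_record(SAMPLE, "student", "s1001", log))
    try:
        view_record(SAMPLE, "student", "s2002", log)
    except PermissionError as err:
        print("denied:", err)
    print("\n".join(log))
```

Two design choices matter here. The allow-list is keyed on fields, not on "everything except X", so a field added to a record later (the `biometric_hash` in the sample) is withheld from every role until someone classifies it; and the audit line records what was withheld as well as what was released, which is what an incident responder needs when checking who saw an SSN.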
Checklist
• Timely threat notifications
• Security breaches
  • Affect the institution's finances, productivity and credibility
• Cybercrime
  • Hacking
  • Malware
  • Phishing
  • USB drives
Checklist
• A training program has been developed
  • Re-training is conducted based on performance
  • Routine evaluations are conducted
• A disaster recovery plan has been developed
• Firewalls are in place
• Routine virus checking, system audits and diagnostics
• Data retention schedule
Checklist
• Notation on all records containing identifiable data (e.g. a confidentiality reminder)
• Telecommuting and home offices
  • Same level of security
  • Additional safeguards
    • Minimal data on the home computer
    • Security software
    • Password control
    • Secure transport from one location to another
Checklist
• Open-access area security
  • Written data not left out in the open
  • Log out of sessions
• Fax/Copy machines
  • Secure area
  • Cover sheets
  • De-program (clear the device memory) to remove stored confidential information
• Established document disposal procedures
• Protection of hard-copy information
  • Written consent to release to outside agencies
  • Double check before providing information
Resources
• PASSHE
• National Cyber Security Alliance (NCSA)
  • http://www.staysafeonline.org