Welcome Personally Identifiable Information (PII) Protection Training Training - PowerPoint PPT Presentation

Welcome personally identifiable information pii protection training training l.jpg
Download
1 / 30

Welcome Personally Identifiable Information (PII) Protection Training Training . Goal The purpose for today’s training program is to introduce you to your role and responsibilities to help ensure the security of personal data at Loyola. PII Training. Learning Objectives:

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Welcome Personally Identifiable Information (PII) Protection Training Training

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Welcome personally identifiable information pii protection training training l.jpg

WelcomePersonally Identifiable Information (PII) Protection Training Training


Pii training l.jpg

Goal

The purpose for today’s training program is to introduce you to your role and responsibilities to help ensure the security of personal data at Loyola.

PII Training


Pii training3 l.jpg

Learning Objectives:

As a result of participating in today’s program you will:

Learn about Loyola’s Personally Identifiable Information (PII) Protection program

Gain a better understanding of your role and responsibilities to secure PII and other sensitive data at Loyola

PII Training


Slide4 l.jpg

Protecting Personally Identifiable Information

PII Training


Slide5 l.jpg

PII Training

  • Loyola recently approved policies covering:

  • Data Classification

  • Loyola Protected-Sensitive Data Identification

  • Physical Security of Loyola Protected-Sensitive Data

  • Electronic Security of Loyola Protected-Sensitive Data

  • Disposal of Loyola Protected-Sensitive Data

  • Loyola Encryption

  • Data Breach Response

  • Compliance Review

  • The policies are online at http://luc.edu/its/policies.shtml


Slide6 l.jpg

PII Training

  • All data produced by employees of Loyola University Chicago during the course of University business will be classified as:

    • Loyola Protected Data

    • Loyola Sensitive Data

    • Loyola Public Data

      (Definitions on next slide)


Pii training7 l.jpg

Definitions

Loyola Protected data (LPro data)

Protected by Federal, state, or local laws

Includes SSNs, credit card numbers, bank account info, driver’s license numbers, personal health info, FERPA info, etc

Loyola Sensitive data (LSen data)

Not covered by laws, but information that Loyola would not distribute to the public

Classified by department that created the data

Loyola Public data (LPub data)

Information that Loyola is comfortable distributing to the general public.

PII Training


Pii training8 l.jpg

Changes

in how your department handles

Loyola data

PII Training


Pii training9 l.jpg

Data Stewards

All departments will have at least one data steward

The data steward(s) help coordinate activities that your department must perform every 6 months to ensure compliance with the policies

They will send you an email asking you to run a piece of software, then they will schedule a time to review the results with you

PII Training


Pii training10 l.jpg

Changes for Paper documents

Limit access to department workspaces that store LPro or LSen data in paper form

Use your badge or key to access the area

Do not allow the public to access those areas

Use approved shredders to dispose of documents (in accordance with your department’s retention policy)

LPro or LSen data should only be sent to printers and faxes in secured areas

Properly store LPro or LSen documents; avoid leaving protected information on desks and other work areas

PII Training


Pii training11 l.jpg

Changes for electronic documents

Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form

LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted

ITS will provide instructions for installing the encryption software for those users that need it

PII Training


Pii training12 l.jpg

Preferred storage for remote access

LPro or LSen data preferred storage for remote access

Network drives (VPN + Remote Desktop)

Laptop w/ encryption software

PDA/Blackberry/Smartphone w/ encryption

Portable drive w/ encryption software

CD/DVD/disk as an encrypted file

PII Training


Pii training13 l.jpg

Disposal of LPro or LSen data

Paper – Shred either through shredding service or approved personal shredder

Electronic – Contact ITS for proper disposal

If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal

PII Training


Pii training14 l.jpg

Encryption of data

Encryption will be provided by ITS

Electronic data transfers must be secured

Methods for transferring encrypted emails are available from ITS

LPro or LSen data on physical media (CD, portable drive, etc) must be encrypted

ITS will assist in configuration and training for department-specific issues on an as-needed basis

PII Training


Pii training15 l.jpg

Report possible breaches / exposures

Call 86086 / 773-508-6086

Email datasecurity@luc.edu

Go to anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

PII Training


What you ll be asked to do l.jpg

Run Scanning software (Spider) when asked by your data steward

Schedule a time with your data steward to review the results of your spider log file

If your data steward says you need encryption software, install encryption software on your machine or call ITS to schedule an installation

Follow the policies listed previously

What You’ll Be Asked To Do


How do i run spider l.jpg

Log in to your computer normally

Empty your Internet Explorer cache (Open IE -> Tools -> Internet Options -> Delete -> Delete Files)

Select Start -> Loyola Software -> Useful Tools -> Spider Scanner

This will install and run the spider tool

The spider tool will scan your computer for files that might contain PII

How Do I Run Spider?


How do i run spider18 l.jpg

You can continue working while it scans

When complete, it will close and leave a file on your desktop

Please do not do anything to this file until your data steward reviews it with you

Let your data steward know that you are ready to review your spider log with them

How Do I Run Spider?


How do we review a spider file l.jpg

Your data steward will schedule a time to go over the log file with you

Log in to your computer normally when the data steward is there

The data steward will open up the Spider log file using the Spider program

Review the entries in the Spider log file with your data steward

How Do We Review a Spider File?


How do we review a spider file20 l.jpg

As you open each file in the log, scan it to determine if it contains Social Security number or credit card numbers

The file will contain a large number of “false positives” – such as files that contain a 9-digit number that is not a SSN

Your data steward will record information about your machine

If your data steward indicates that you need the encryption software, install it on your computer

How Do We Review a Spider File?


How do i install encryption software l.jpg

Preparation

Only for Windows machines – does not work on Mac, Linux, or other computer types

Save all of your work and close all open programs

Initial installation can take up to 15 minutes, and the encryption can take up to 2 hours

Computer is usable while encrypting data, but will run slightly slower

You may want to begin this process 20 minutes before you leave for the evening

How Do I Install Encryption Software?


How do i install encryption software22 l.jpg

Save your work and close all your programs

Start -> Loyola Software -> Useful Tools -> SafeGuard Easy Install

Click Yes to begin, which will make your machine automatically reboot

The program will check your hard drive for errors, and reboot several times

Login when you see the login prompt

How Do I Install Encryption Software?


How do i install encryption software23 l.jpg

After logging in, the program will install more software, then reboot two more times

Login again

You will see an image showing how to tell the encryption is present – close this image

At this point the encrypting is beginning – as long as the machine is on it will continue to encrypt, even if locked or logged off

Call ITS if you need assistance

How Do I Install Encryption Software?


Short version install encryption l.jpg

Save open documents, close programs

Launch installer, click yes, computer will reboot

Login when you are able to, computer will reboot automatically

Login when you are able to, close encryption picture that appears

Encryption will occur while machine is on – even if locked or logged off

Short Version – Install Encryption


Encryption questions l.jpg

Will this affect USB devices?No – it only encrypts your internal hard drive

Will this affect email?No – ITS has a separate program available if you need to encrypt email

How will this change how I use my computer?It shouldn’t change anything – the encryption should be invisible to the user

How can I tell it is installed?A yellow key on your hard drive icon indicates it is now encrypted

Encryption Questions


Pii training26 l.jpg

Tools and Resources

ITS Contact

Joe Bazeley

jbazele@luc.edu

773-508-6086 / 86086

Policies

Reporting breaches

Email datasecurity@luc.edu

Anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

PII Training


Summary l.jpg

In closing, each one of us plays an important role in ensuring that our department is in and remains in compliance with Loyola University’s policies for protecting Personally Identifiable Information

Summary


Summary notes about major changes l.jpg

Badge/key access restrictions

Printers and faxes in secure areas

Use approved shredders

Secure desk when not around

Encryption of computers

Cannot store LPro or LSen data on unencrypted computers

Store files on network drives for remote access

Summary – notes about major changes


Pii training29 l.jpg

Questions?

PII Training


Pii training30 l.jpg

Thank you

for

Your participation

PII Training


  • Login