
Update on Privacy Issues at USU

Update on Privacy Issues at USU. October 10, 2013. USU Privacy Breaches. 5 breaches have already occurred in 2013 – more than in previous years. Breaches in the last 2 years could have affected over 21,100 individuals’ personal identification information and/or personal health information.


Presentation Transcript


  1. Update on Privacy Issues at USU October 10, 2013

  2. USU Privacy Breaches
     • 5 breaches have already occurred in 2013 – more than in previous years.
     • Breaches in the last 2 years could have affected over 21,100 individuals’ personal identification information and/or personal health information.

  3. Washington Post Report
     Largest data breach in Federal Government history led to loss of 26.5 million veterans’ data

  4. Recent USU Privacy Breaches
     • PII & PHI located on personal computer and sent in unencrypted email
     • PII on an unencrypted external hard drive not issued by the university or government
     • Email with PII sent to unintended recipients
     • PII sent via open distribution lists
     • Shared documents with PII using Google Apps
     • Stolen laptop from car with unencrypted PHI and PII
     • Stolen research laptop from home
     • PII uploaded to a publicly accessible server

  5. PII Definition – DoD 5411.11-R
     • Personally Identifiable Information – Information about an individual that identifies, links, relates, or is unique to, or describes him or her and is linked or linkable to a specified individual.
     • Social Security Number
     • Date of Birth
     • Passport Number
     • Financial account number
     • Biometric Identifiers
     • Mother’s maiden name
     • Birthplace
     • Credit card number
     • Home Address/Phone/Cell
     • Protected Health Information (PHI)
     • Full Name
     • Genetic information
     • Other personal information

  6. Consequences of Potential Breach
     Period of Investigation
     *US Computer Emergency Readiness Team

  7. Consequences of a Breach
     • Having individual certified registered letters sent to every potentially affected individual.
     • Providing year-long credit monitoring through a 3rd party.
     • Example: credit monitoring costs ~$10 / person / year. A PII breach consisting of 3,000 research participants would cost the responsible department at least $30,000 / year.
     • Potentially incurring a fine for violation of the Privacy Act (personnel and/or agency).

  8. Pop Quiz
     1. What is the length of time from discovery of loss or suspected loss of PII that a Command or Unit must submit a report to U.S. Computer Emergency Readiness Team (CERT)?
        a. One hour
        b. Within 24 hours
        c. Two business days
        d. Up to one week

  9. Pop Quiz
     2. Among the list below, what is the number one cause for USU PII/PHI breaches?
        a. Insider threat
        b. Computer hackers
        c. Human error
        d. Phishing

  10. Pop Quiz
      3. Which of the following methods are safe for sending PII/PHI?
         • Personal email
         • USU .edu Google Mail
         • Encrypted email
         • .mil email
         • All of the above
         • None of the above

  11. Suggestions on the Way Ahead
      • Require online Privacy Training and annual refresher training
      • Create a University-wide centralized tracking system
      • Any other or better suggestions?
