Welcome personally identifiable information pii protection training for data stewards
Download
1 / 35

Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards - PowerPoint PPT Presentation


Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards. Goal

Related searches for Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards ' - mike_john


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Welcome personally identifiable information pii protection training for data stewards l.jpg

WelcomePersonally Identifiable Information (PII) Protection Training for Data Stewards


Data steward training l.jpg

Goal

The purpose for today’s training program is to introduce you to a collection of policies designed to protect Personally Identifiable Information (PII) and to your role and responsibilities as a Data Steward.

Data Steward Training


Data steward training3 l.jpg

Learning Objectives:

As a result of participating in today’s program you will:

Learn about Loyola’s Personally Identifiable Information (PII) Protection program

Gain a better understanding of your role and responsibilities as a Data Steward

Acquire a list of tools and resources that can support you in your role as a Data Steward

Data Steward Training


Data steward training4 l.jpg

Agenda

The Challenge of Protecting PII

Loyola’s Process for Protecting PII

Your Role in Protecting Loyola’s PII

Tools and Resources

Data Steward Training


Data steward training5 l.jpg

Guidelines

Program length: 60 minutes

Ask questions – participate

Data Steward Training



Slide7 l.jpg

Data Steward Training

  • Loyola recently approved policies covering areas:

  • Data Classification

  • Loyola Protected & Sensitive Data Identification

  • Physical Security of Loyola Protected & Sensitive Data

  • Electronic Security of Loyola Protected & Sensitive Data

  • Disposal of Loyola Protected & Sensitive Data

  • Loyola Encryption

  • Compliance Review

  • Data Breach Response


Slide8 l.jpg

Data Steward Training

  • All data produced by employees of Loyola University Chicago during the course of University business will be classified as one of these three types of data:

    • Loyola Protected Data

    • Loyola Sensitive Data

    • Loyola Public Data

      (Definitions on next slide)


Data steward training9 l.jpg

Definitions

Loyola Protected data (LPro data)

Protected by Federal, state, or local laws

Includes SSNs, credit card numbers, bank account info, driver’s license numbers, personal health info, FERPA info, etc

Loyola Sensitive data (LSen data)

Not covered by laws, but information that Loyola would not distribute to the public

Determined by the department that created the data

Loyola Public data (LPub data)

Information that Loyola is comfortable distributing to the general public.

Data Steward Training


Data steward training10 l.jpg

Role & Responsibilities

for Data Stewards

Data Steward Training


Data steward training11 l.jpg

The primary responsibility of a data steward is to help their department identify locations of Personally Identifiable Information (PII)

The data steward will also produce documentation used by ITS and your department indicating where PII is located in the department

Data Steward Training


Data steward training12 l.jpg

Responsibilities their department identify locations of Personally Identifiable Information (PII)

Identify computers that store or access Loyola Protected or Loyola Sensitive data

Conduct systems scan every 6 months

Use software scanning tool that flags possible LPro information

Record information from the scanning software tool in a spreadsheet for ITS and your department

Fill out the department’s Data Security Compliance Review form and submit to ITS

Data Steward Training


Data steward training13 l.jpg

Responsibilities their department identify locations of Personally Identifiable Information (PII)

Act as a resource for your department by providing information about the policies and their impact

Conduct presentations as needed to raise awareness

Sample presentation: http://www.luc.edu/its/pdfs/dspresentation.ppt

Data Steward Training


Data steward training14 l.jpg

Changes in how your their department identify locations of Personally Identifiable Information (PII)

department handles

Loyola data

Data Steward Training


Data steward training15 l.jpg

Changes for Paper documents their department identify locations of Personally Identifiable Information (PII)

Limit access to department workspaces that store LPro or LSen data in paper form – your department should:

Create a list of individuals with access to restricted areas; provide Campus Security with a copy of the list

Require a badge or key to access those areas

Allow no public access to those areas

Acquire/use approved shredders to dispose of documents

Limit access to printers and faxes

Properly store LPro or LSen documents; avoid leaving LPro or LSen information on desks and other work areas when no one is present

Data Steward Training


Data steward training16 l.jpg

Changes for electronic documents their department identify locations of Personally Identifiable Information (PII)

Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form

LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted

ITS will provide instructions for installing the encryption software for those users that need it

Data Steward Training


Data steward training17 l.jpg

Preferred storage for remote access their department identify locations of Personally Identifiable Information (PII)

LPro or LSen data preferred storage for remote access

Network drives (VPN + Remote Desktop)

Laptop w/ encryption software

PDA/Blackberry/Smartphone w/ encryption software

Portable drive w/ encryption software

CD/DVD/disk as an encrypted file

Data Steward Training


Data steward training18 l.jpg

Disposal of LPro or LSen data their department identify locations of Personally Identifiable Information (PII)

Paper – Shred either through shredding service or approved personal shredder (Purchasing has list of approved shredders)

Electronic – Contact ITS for proper disposal

If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal

Data Steward Training


Data steward training19 l.jpg

Encryption of data their department identify locations of Personally Identifiable Information (PII)

Electronic data transfers must be secured

If you need to send sensitive data via email, please contact ITS for information on sending encrypted emails

LPro or LSen data on physical media (CD, portable drive, etc) must be encrypted

ITS will assist in configuration and training for department-specific issues on an as-needed basis

Data Steward Training


Data steward training20 l.jpg

Report possible breaches / exposures their department identify locations of Personally Identifiable Information (PII)

Call 86086 / 773-508-6086

Email datasecurity@luc.edu

Go to anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

Data Steward Training


University deployment plan l.jpg

Split into 4 phases their department identify locations of Personally Identifiable Information (PII)

ITS pilot

Sullivan Center pilot

High-risk areas (HR, Finance, etc)

Rest of the university

Main communication effort will occur before the 4th phase – university-wide deployment

University Deployment Plan


Communication strategy l.jpg

Town hall meetings their department identify locations of Personally Identifiable Information (PII)

Inside Loyola Weekly

Separate email blast to all staff

Communications specifically targeting faculty

Communication Strategy


How do i l.jpg

Give a presentation to my department about this? their department identify locations of Personally Identifiable Information (PII)

Perform the scanning portion?

Install the encryption software?

Fill out the paperwork?

Get other questions answered?

How Do I …?


How do i24 l.jpg

Give a presentation to the rest of my department? their department identify locations of Personally Identifiable Information (PII)

Recommended so they will have a better understanding of how they can help protect PII and other sensitive data

Complete presentation available at http://www.luc.edu/its/pdfs/dspresentation.ppt

Please send any questions you cannot answer to ITS (DataSecurity@luc.edu or x86086)

How Do I…?


How do i25 l.jpg

Perform the scanning portion? their department identify locations of Personally Identifiable Information (PII)

Send an email to everyone in your department asking them to go to Loyola Software -> Useful Tools -> Spider Scanner

This will install and run the scanning software

The process can take an hour or two, but the user can continue using their machine while it works

Program will automatically close when done

How Do I…?


How do i26 l.jpg

Install the encryption software? their department identify locations of Personally Identifiable Information (PII)

Close all open programs

Go to Loyola Software -> Useful Tools -> SafeGuard Easy Install

Machine reboots several times

Login, wait for machine to reboot twice more

Close encryption image and login

Verify red icon on hard drive, logout or lock machine but LEAVE IT POWERED ON!

You can use your computer while it encrypts, but it will run more slowly until the process completes

How Do I…?


How do i27 l.jpg

Fill out the paperwork? their department identify locations of Personally Identifiable Information (PII)

Two different forms to complete

While reviewing the spider log with the user, fill out the PII Tracking.xls spreadsheet

Once all computers have been scanned and their logs reviewed, fill out the Data Security Compliance Review form available at http://luc.edu/its/pdfs/gov_PIIP/Personal%20Information%20Protection%20Compliance%20Review.pdf (the last page)

How Do I…?


How do i28 l.jpg

Get other questions answered? their department identify locations of Personally Identifiable Information (PII)

Call / Email / Stop By

Joe Bazeley

jbazele@luc.edu

DataSecurity@luc.edu

773-508-6086 / 86086

Granada Center room 235

How Do I…?


Data steward training29 l.jpg

Tools and Resources their department identify locations of Personally Identifiable Information (PII)

ITS Contact

Joe Bazeley

jbazele@luc.edu

773-508-6086 / 86086

Policies

Presentation – add links

Reporting breaches

Anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

Email datasecurity@luc.edu

Data Steward Training


Summary l.jpg

As a Data Steward you play an important role in ensuring that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

Summary


Summary31 l.jpg

Responsibilities that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

Be a resource to your department by providing information about these policies and their impact

Sample presentation available at http://www.luc.edu/its/pdfs/dspresentation.ppt

Conduct scans of department media every 6 months

Check output of LPro/LSen data detection tool on each individual’s computer

Provide summary info on LPro/LSen data to ITS and your department

Fill out department’s compliance form for ITS

Summary


Summary32 l.jpg

Badge/key access restrictions that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

Printers and faxes in secure areas

Use approved shredders

Secure desk when not around

Encryption of computers

Cannot store LPro or LSen data on unencrypted computers

Store files on network drives for remote access

Summary


Data steward training33 l.jpg

Questions? that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

Data Steward Training


Data steward training34 l.jpg

Thank you that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

for

Your participation

Data Steward Training


Full disk encryption install demo l.jpg

Short version of install process: that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information

Close open documents

Launch program

Wait several minutes, login

Wait several minutes, close picture then login again

Log out or lock computer, but leave it powered on

Full Disk Encryption Install Demo


ad
  • Login