welcome personally identifiable information pii protection training for data stewards l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards PowerPoint Presentation
Download Presentation
Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards

Loading in 2 Seconds...

play fullscreen
1 / 35

Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards - PowerPoint PPT Presentation


  • 377 Views
  • Uploaded on

Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards. Goal

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Welcome Personally Identifiable Information (PII) Protection Training for Data Stewards' - mike_john


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
data steward training
Goal

The purpose for today’s training program is to introduce you to a collection of policies designed to protect Personally Identifiable Information (PII) and to your role and responsibilities as a Data Steward.

Data Steward Training
data steward training3
Learning Objectives:

As a result of participating in today’s program you will:

Learn about Loyola’s Personally Identifiable Information (PII) Protection program

Gain a better understanding of your role and responsibilities as a Data Steward

Acquire a list of tools and resources that can support you in your role as a Data Steward

Data Steward Training
data steward training4
Agenda

The Challenge of Protecting PII

Loyola’s Process for Protecting PII

Your Role in Protecting Loyola’s PII

Tools and Resources

Data Steward Training
data steward training5
Guidelines

Program length: 60 minutes

Ask questions – participate

Data Steward Training
slide7

Data Steward Training

  • Loyola recently approved policies covering areas:
  • Data Classification
  • Loyola Protected & Sensitive Data Identification
  • Physical Security of Loyola Protected & Sensitive Data
  • Electronic Security of Loyola Protected & Sensitive Data
  • Disposal of Loyola Protected & Sensitive Data
  • Loyola Encryption
  • Compliance Review
  • Data Breach Response
slide8

Data Steward Training

  • All data produced by employees of Loyola University Chicago during the course of University business will be classified as one of these three types of data:
        • Loyola Protected Data
        • Loyola Sensitive Data
        • Loyola Public Data

(Definitions on next slide)

data steward training9
Definitions

Loyola Protected data (LPro data)

Protected by Federal, state, or local laws

Includes SSNs, credit card numbers, bank account info, driver’s license numbers, personal health info, FERPA info, etc

Loyola Sensitive data (LSen data)

Not covered by laws, but information that Loyola would not distribute to the public

Determined by the department that created the data

Loyola Public data (LPub data)

Information that Loyola is comfortable distributing to the general public.

Data Steward Training
data steward training11
The primary responsibility of a data steward is to help their department identify locations of Personally Identifiable Information (PII)

The data steward will also produce documentation used by ITS and your department indicating where PII is located in the department

Data Steward Training
data steward training12
Responsibilities

Identify computers that store or access Loyola Protected or Loyola Sensitive data

Conduct systems scan every 6 months

Use software scanning tool that flags possible LPro information

Record information from the scanning software tool in a spreadsheet for ITS and your department

Fill out the department’s Data Security Compliance Review form and submit to ITS

Data Steward Training
data steward training13
Responsibilities

Act as a resource for your department by providing information about the policies and their impact

Conduct presentations as needed to raise awareness

Sample presentation: http://www.luc.edu/its/pdfs/dspresentation.ppt

Data Steward Training
data steward training14
Changes in how your

department handles

Loyola data

Data Steward Training
data steward training15
Changes for Paper documents

Limit access to department workspaces that store LPro or LSen data in paper form – your department should:

Create a list of individuals with access to restricted areas; provide Campus Security with a copy of the list

Require a badge or key to access those areas

Allow no public access to those areas

Acquire/use approved shredders to dispose of documents

Limit access to printers and faxes

Properly store LPro or LSen documents; avoid leaving LPro or LSen information on desks and other work areas when no one is present

Data Steward Training
data steward training16
Changes for electronic documents

Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form

LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted

ITS will provide instructions for installing the encryption software for those users that need it

Data Steward Training
data steward training17
Preferred storage for remote access

LPro or LSen data preferred storage for remote access

Network drives (VPN + Remote Desktop)

Laptop w/ encryption software

PDA/Blackberry/Smartphone w/ encryption software

Portable drive w/ encryption software

CD/DVD/disk as an encrypted file

Data Steward Training
data steward training18
Disposal of LPro or LSen data

Paper – Shred either through shredding service or approved personal shredder (Purchasing has list of approved shredders)

Electronic – Contact ITS for proper disposal

If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal

Data Steward Training
data steward training19
Encryption of data

Electronic data transfers must be secured

If you need to send sensitive data via email, please contact ITS for information on sending encrypted emails

LPro or LSen data on physical media (CD, portable drive, etc) must be encrypted

ITS will assist in configuration and training for department-specific issues on an as-needed basis

Data Steward Training
data steward training20
Report possible breaches / exposures

Call 86086 / 773-508-6086

Email datasecurity@luc.edu

Go to anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

Data Steward Training
university deployment plan
Split into 4 phases

ITS pilot

Sullivan Center pilot

High-risk areas (HR, Finance, etc)

Rest of the university

Main communication effort will occur before the 4th phase – university-wide deployment

University Deployment Plan
communication strategy
Town hall meetings

Inside Loyola Weekly

Separate email blast to all staff

Communications specifically targeting faculty

Communication Strategy
how do i
Give a presentation to my department about this?

Perform the scanning portion?

Install the encryption software?

Fill out the paperwork?

Get other questions answered?

How Do I …?
how do i24
Give a presentation to the rest of my department?

Recommended so they will have a better understanding of how they can help protect PII and other sensitive data

Complete presentation available at http://www.luc.edu/its/pdfs/dspresentation.ppt

Please send any questions you cannot answer to ITS (DataSecurity@luc.edu or x86086)

How Do I…?
how do i25
Perform the scanning portion?

Send an email to everyone in your department asking them to go to Loyola Software -> Useful Tools -> Spider Scanner

This will install and run the scanning software

The process can take an hour or two, but the user can continue using their machine while it works

Program will automatically close when done

How Do I…?
how do i26
Install the encryption software?

Close all open programs

Go to Loyola Software -> Useful Tools -> SafeGuard Easy Install

Machine reboots several times

Login, wait for machine to reboot twice more

Close encryption image and login

Verify red icon on hard drive, logout or lock machine but LEAVE IT POWERED ON!

You can use your computer while it encrypts, but it will run more slowly until the process completes

How Do I…?
how do i27
Fill out the paperwork?

Two different forms to complete

While reviewing the spider log with the user, fill out the PII Tracking.xls spreadsheet

Once all computers have been scanned and their logs reviewed, fill out the Data Security Compliance Review form available at http://luc.edu/its/pdfs/gov_PIIP/Personal%20Information%20Protection%20Compliance%20Review.pdf (the last page)

How Do I…?
how do i28
Get other questions answered?

Call / Email / Stop By

Joe Bazeley

jbazele@luc.edu

DataSecurity@luc.edu

773-508-6086 / 86086

Granada Center room 235

How Do I…?
data steward training29
Tools and Resources

ITS Contact

Joe Bazeley

jbazele@luc.edu

773-508-6086 / 86086

Policies

Presentation – add links

Reporting breaches

Anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml

Email datasecurity@luc.edu

Data Steward Training
summary
As a Data Steward you play an important role in ensuring that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive informationSummary
summary31
Responsibilities

Be a resource to your department by providing information about these policies and their impact

Sample presentation available at http://www.luc.edu/its/pdfs/dspresentation.ppt

Conduct scans of department media every 6 months

Check output of LPro/LSen data detection tool on each individual’s computer

Provide summary info on LPro/LSen data to ITS and your department

Fill out department’s compliance form for ITS

Summary
summary32
Badge/key access restrictions

Printers and faxes in secure areas

Use approved shredders

Secure desk when not around

Encryption of computers

Cannot store LPro or LSen data on unencrypted computers

Store files on network drives for remote access

Summary
data steward training34
Thank you

for

Your participation

Data Steward Training
full disk encryption install demo
Short version of install process:

Close open documents

Launch program

Wait several minutes, login

Wait several minutes, close picture then login again

Log out or lock computer, but leave it powered on

Full Disk Encryption Install Demo