Welcome
Personally Identifiable Information (PII) Protection Training
Goal
The purpose for today’s training program is to introduce you to your role and responsibilities to help ensure the security of personal data at Loyola.
PII Training
Learning Objectives:
As a result of participating in today’s program you will:
• Learn about Loyola’s Personally Identifiable Information (PII) Protection program
• Gain a better understanding of your role and responsibilities to secure PII and other sensitive data at Loyola
Protecting Personally Identifiable Information
Loyola recently approved policies covering:
• Data Classification
• Loyola Protected-Sensitive Data Identification
• Physical Security of Loyola Protected-Sensitive Data
• Electronic Security of Loyola Protected-Sensitive Data
• Disposal of Loyola Protected-Sensitive Data
• Loyola Encryption
• Data Breach Response
• Compliance Review
The policies are online at http://luc.edu/its/policies.shtml
All data produced by employees of Loyola University Chicago during the course of University business will be classified as:
• Loyola Protected Data
• Loyola Sensitive Data
• Loyola Public Data
(Definitions on next slide)
Definitions
Loyola Protected data (LPro data)
• Protected by Federal, state, or local laws
• Includes SSNs, credit card numbers, bank account info, driver’s license numbers, personal health info, FERPA info, etc.
Loyola Sensitive data (LSen data)
• Not covered by laws, but information that Loyola would not distribute to the public
• Classified by department that created the data
Loyola Public data (LPub data)
• Information that Loyola is comfortable distributing to the general public
Changes in how your department handles Loyola data
Data Stewards
• All departments will have at least one data steward
• The data steward(s) help coordinate activities that your department must perform every 6 months to ensure compliance with the policies
• They will send you an email asking you to run a piece of software, then they will schedule a time to review the results with you
Changes for Paper documents
• Limit access to department workspaces that store LPro or LSen data in paper form
• Use your badge or key to access the area
• Do not allow the public to access those areas
• Use approved shredders to dispose of documents (in accordance with your department’s retention policy)
• LPro or LSen data should only be sent to printers and faxes in secured areas
• Properly store LPro or LSen documents; avoid leaving protected information on desks and other work areas
Changes for electronic documents
• Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form
• LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted
• ITS will provide instructions for installing the encryption software for those users that need it
Preferred storage for remote access
LPro or LSen data preferred storage for remote access:
• Network drives (VPN + Remote Desktop)
• Laptop w/ encryption software
• PDA/Blackberry/Smartphone w/ encryption
• Portable drive w/ encryption software
• CD/DVD/disk as an encrypted file
Disposal of LPro or LSen data
• Paper – Shred either through shredding service or approved personal shredder
• Electronic – Contact ITS for proper disposal
• If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal
Encryption of data
• Encryption will be provided by ITS
• Electronic data transfers must be secured
• Methods for transferring encrypted emails are available from ITS
• LPro or LSen data on physical media (CD, portable drive, etc.) must be encrypted
• ITS will assist in configuration and training for department-specific issues on an as-needed basis
Report possible breaches / exposures
• Call 86086 / 773-508-6086
• Email datasecurity@luc.edu
• Go to anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml
What You’ll Be Asked To Do
• Run scanning software (Spider) when asked by your data steward
• Schedule a time with your data steward to review the results of your Spider log file
• If your data steward says you need encryption software, install encryption software on your machine or call ITS to schedule an installation
• Follow the policies listed previously
How Do I Run Spider?
• Log in to your computer normally
• Empty your Internet Explorer cache (Open IE -> Tools -> Internet Options -> Delete -> Delete Files)
• Select Start -> Loyola Software -> Useful Tools -> Spider Scanner
• This will install and run the Spider tool
• The Spider tool will scan your computer for files that might contain PII
How Do I Run Spider?
• You can continue working while it scans
• When complete, it will close and leave a file on your desktop
• Please do not do anything to this file until your data steward reviews it with you
• Let your data steward know that you are ready to review your Spider log with them
How Do We Review a Spider File?
• Your data steward will schedule a time to go over the log file with you
• Log in to your computer normally when the data steward is there
• The data steward will open up the Spider log file using the Spider program
• Review the entries in the Spider log file with your data steward
How Do We Review a Spider File?
• As you open each file in the log, scan it to determine if it contains Social Security numbers or credit card numbers
• The file will contain a large number of “false positives” – such as files that contain a 9-digit number that is not an SSN
• Your data steward will record information about your machine
• If your data steward indicates that you need the encryption software, install it on your computer
How Do I Install Encryption Software?
Preparation
• Only for Windows machines – does not work on Mac, Linux, or other computer types
• Save all of your work and close all open programs
• Initial installation can take up to 15 minutes, and the encryption can take up to 2 hours
• Computer is usable while encrypting data, but will run slightly slower
• You may want to begin this process 20 minutes before you leave for the evening
How Do I Install Encryption Software?
• Save your work and close all your programs
• Start -> Loyola Software -> Useful Tools -> SafeGuard Easy Install
• Click Yes to begin, which will make your machine automatically reboot
• The program will check your hard drive for errors, and reboot several times
• Log in when you see the login prompt
How Do I Install Encryption Software?
• After logging in, the program will install more software, then reboot two more times
• Log in again
• You will see an image showing how to tell the encryption is present – close this image
• At this point the encrypting is beginning – as long as the machine is on it will continue to encrypt, even if locked or logged off
• Call ITS if you need assistance
Short Version – Install Encryption
• Save open documents, close programs
• Launch installer, click Yes, computer will reboot
• Log in when you are able to, computer will reboot automatically
• Log in when you are able to, close encryption picture that appears
• Encryption will occur while machine is on – even if locked or logged off
Encryption Questions
• Will this affect USB devices? No – it only encrypts your internal hard drive
• Will this affect email? No – ITS has a separate program available if you need to encrypt email
• How will this change how I use my computer? It shouldn’t change anything – the encryption should be invisible to the user
• How can I tell it is installed? A yellow key on your hard drive icon indicates it is now encrypted
Tools and Resources
• ITS Contact: Joe Bazeley, jbazele@luc.edu, 773-508-6086 / 86086
• Policies
• Reporting breaches: email datasecurity@luc.edu, or use the anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml
Summary
In closing, each one of us plays an important role in ensuring that our department is in and remains in compliance with Loyola University’s policies for protecting Personally Identifiable Information.
Summary – notes about major changes
• Badge/key access restrictions
• Printers and faxes in secure areas
• Use approved shredders
• Secure desk when not around
• Encryption of computers
• Cannot store LPro or LSen data on unencrypted computers
• Store files on network drives for remote access
Questions?
Thank you for your participation