Privacy Security Felecia Vlahos Information Security Officer
Information Privacy Prevention of intentional or unintentional unauthorized disclosure of information
Types of private information
• Medical (ADHD, AIDS, etc.)
• Relational (heritage, sexual)
• Academic (grades)
• Financial (accounts, SSN)
• Business (mergers, recipe)
• Military (locations, weapons)
• Religious (Christian, Muslim)
• Etc.
2004 = http://www.consumer.gov/idtheft/stats.html 2005 = www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf
Damages
Financial Fraud (they use your money)
• Charges on credit card ($50, new card)
• Drain of account (depends, new account/password)
Serious Damages
Identity Theft (they become you!)
• Lots of financial fraud ($50x?, ? new cards)
• New credit established (time/money to prove your identity, lower credit rate/loss of car or home/need to use deposit accounts, hounded by collectors)
• New address established (time/money to prove your identity, unable to rent)
• Police record (time in jail/bail!!, trial/loss of job)
• Military record (time in the brig, new career)
Key to Lower Damages Early detection!
How to Detect? http://onguardonline.gov/quiz/idtheft_quiz.html
How to Detect? http://www.consumer.gov/idtheft/pdf/synovatereport.pdf
Who will Detect? • WAS http://www.consumer.gov/idtheft/stats.html
Where is the Information?
• Paper
• Tapes/floppies
• CDROM/USB drive
• File/web/database servers
• Desktops (home and work)
• Laptop/iPod/Palm Pilot
• Treo/Blackberry/cell phones
Who is collecting the Information?
• Business (water company, eBay, rental, real estate, UPS)
• Membership (library, Vons, gym)
• Credit bureaus
• Health (doctor, dentist, hospital, vet)
• Education (preschool, elem, JHS, HS, college)
• Insurance (health, car, home)
• Child care
• Banking (checking, credit cards, loans)
Laws & Regulations
• Federal laws
  • The Family Education Rights and Privacy Act of 1974 (FERPA)
  • Gramm-Leach-Bliley Act of 1999
  • Health Care Portability and Accountability Act of 1996 (HIPAA)
  • USA Patriot Act of 2001
  • The Freedom of Information Act (5 U.S.C. § 552, As Amended by Public Law No. 104-231, 110 Stat. 3048)
  • Fair and Accurate Credit Transactions Act of 2003 (FACTA)
  • FTC (16 CFR, Part 314), Standards for Safeguarding Customer Information: Final Rule, May 23, 2002
• State laws
  • California Civil Code 1798 (Information Practices Act of 1977; Notification of security breaches; restricted use of security numbers California)
  • California Penal Code 530.5 (Identity Theft)
  • California Code of Regulations, Title 5, Education, Section 42396-42396.5 (Privacy and Personal Information Management)
  • California Education Code, Section 89546, Employee Access Information Pertaining to Themselves
  • Comprehensive Computer Data Access and Fraud Act (California Penal Code, Section 502)
  • Government Code 6250-6265 (California Public Records Act)
Benefits Derived
• Required to develop a security plan (security.sdsu.edu)
• Prohibited from:
  • Publicly posting or displaying an individual’s social security number.
  • Printing an individual’s social security number on any card required for access to products or services.
  • Requiring an individual to transmit his/her social security number over the Internet, unless the connection is secure or the social security number is encrypted.
  • Requiring an individual to use a social security number to access an Internet Web site, unless a password, unique personal identification number, or other authentication device is also required.
  • Printing an individual’s social security number on materials that are mailed. A social security number may not be printed on a postcard or visible on an envelope.
  • Encoding or embedding a social security number in a card or document, including using a bar code, chip, magnetic strip, or any other technology.
• After December 4, 2006, companies will not be allowed to print your credit or debit card expiration date or more than the last 5 digits of your card number on your electronic receipt.
Protect Yourself!!
• Decline to provide the information (Digitizers, SD County Library, BoA fingerprint)
• Free Credit Report Annually: https://www.annualcreditreport.com
• Favorite ID Theft sites:
  • http://www.ou.edu/oupd/inetmenu.htm
  • http://www.privacy.ca.gov/
• Credit bureaus: (fraud alert, freeze/suspend files, subscription services)
  • Equifax - www.equifax.com
  • Experian - www.experian.com
  • Trans Union - www.transunion.com
• Minimize the risk:
  • ATM/Credit card combination
  • SSN on auto deposit
  • Storage of data offline
Contact Information Information Technology Security Office Felecia Vlahos Information Security Officer fvlahos@mail.sdsu.edu 619-594-4049