Data Privacy “How Private Is It?”
Basic Information
• Resources
• Learning Opportunities
• Reporting
• Policies and Procedures

In The Beginning
• A client approaches a counter and asks for services. The clerk asks the client for basic information:
• The process has begun

The Investigation Story
• Hotline Call

The Investigation Begins
• The Department of Human Services Financial Assistance Division
The Financial Assistance Division administers many different financial assistance programs, most of which are financed by the federal and state government. The programs are targeted for families and individuals with incomes at or below the poverty level. Programs include: temporary, emergency or general assistance to needy families or indigents; grants for the disabled; food stamps; and Medicaid or refugee resettlement.

The Process of Discovery
• Conducted investigation interviews
• Retrieved suspects' computer hard drives (DSS Commissioner permission required)
• Requested SPIDeR audit trails (DSS – DIS, Information Security Unit – John Palese, Senior System Engineer)
• Reviewed audit trails

The Discovery
• SPIDeR – Systems Partnering in a Demographic Repository

The Violation
• Worker instructed by supervisor to obtain information on citizens
• Worker uses SPIDeR to obtain information on citizens (Violation & Crime)
• Supervisor takes information and calls APECS (child support) pretending to be a citizen (Violation & Crime)
• Discovery of other employee violations

The Outcome
• Reported violation to police
• Supervisor terminated
• Employee resigns before termination
• Contract worker terminated
• Two employees suspended
• Two employees received written counsel
• A letter sent to the Commissioner of DSS

Why Is It A Violation And Crime?
Privacy Policy
The Virginia Department of Social Services computer system, and component parts, contain privileged customer and government information. Access to information is restricted to the Department of Social Services authorized users. Unauthorized access, use, misuse, or modification of the data or the system, or unauthorized printing or release of data, is a violation of Department policy. It is also a violation of Title 18, United States Code Section 1030. Violators may be subject to criminal and civil penalties, including but not limited to a fine of up to $5000 and/or 5 years in prison, as set forth in Title 26, United States Code Sections 7213 and 7431.

Other Laws
• The Privacy Act of 1974
• Virginia Code 2.2-3800–3803
• Computer Invasion of Privacy Under the Virginia Computer Crimes Act
• Information Technology Security Standard
• Virginia Department of Social Services – Information Security Policy

Agency Agreements
• The Social Security Administration and the Commonwealth of Virginia
• The Department of Motor Vehicles and the Virginia Department of Social Services
• The Virginia Employment Commission and the Virginia Department of Social Services

What Is The Risk?
• Lack of public trust
• Open to civil suits
• Loss of database accesses
• Loss of the ability to provide services to our citizens
• Identity theft

Prevention and Detection
• Implement a stronger security training program
• Implement random sampling of users
• No tolerance policy – strong disciplinary action for violators
• Educate the users
• Require all staff to attend Ethics Training
• Compliance with agreements
• Audits