1 / 15

Academic Administrators Series Privacy and Security at UF

Academic Administrators Series Privacy and Security at UF. Susan Blair, Chief Privacy Officer Rob Adams, Information Security. Privacy: Not Alphabet Soup …. COPPA. facta. GLBA. CFAA. HIPAA. DPPA. ADA. ITADA. The Privacy Act. FERPA. TCFAPA. ECPA. CPNI. pcidss. RED FLAGS.

rona
Download Presentation

Academic Administrators Series Privacy and Security at UF

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Academic Administrators Series Privacy and Security at UF Susan Blair, Chief Privacy Officer Rob Adams, Information Security

  2. Privacy: Not Alphabet Soup … COPPA facta GLBA CFAA HIPAA DPPA ADA ITADA The Privacy Act FERPA TCFAPA ECPA CPNI pcidss REDFLAGS

  3. Total UF Incidents

  4. Security: Not a Prison or a Fortress

  5. Restricted Data • Restricted Data: • Information, which if disclosed to unauthorized users, may have very significant adverse operational or strategic impact on an individual, a group or institution. This classification includes, but is not limited to, data restricted by law and legal contracts. • Examples: • Personally Identifiable Information – SSNs, FDLs, financial data • Medical Records • Student Records

  6. Information Highway “Danger Zones” • Family Educational Rights and Privacy Act (FERPA): Student Records • Authorizes Secretary of Education to end all federal funding if a university fails to comply with federal statute • Health Insurance Portability & Accountability Act (HIPAA): Protected Health Information • Civil penalties and DOJ criminal prosecutions, which may result in penalties and up to ten years of jail time • Payment Credit Industry Data Security Standard (PCIDSS): Credit Card Information • Noncompliant entities may be fined $500,000 per incident if cardholder information is compromised, and processing privileges may be revoked

  7. Hazard Number One Failing to complete specific Privacy and Security general awareness trainings. • “Privacy and Student Records in the Sunshine State” • HIPAA General Awareness or HIPAA for Researchers • Security: Restricted Data Training • Security: Cyber Self-Defense

  8. Hazard Number Two • Being a Faculty member does not entitle you to any and all student information. • Share student records with individuals who have official need-to-know • Grades, UFIDs, Student photos • Letters of Recommendations

  9. Hazard Number Three • Beware of including restricted data in unsecure emails systems. Do not use personal email accounts (hotmail, gmail, yahoo, etc.)to receive or transmit restricted data. • Adhere to UF’s Social Media Guidelines; do not disclose restricted information or talk about work related issues in blogs or on Facebook pages.

  10. Hazard Number Four • Any portable device (i.e., laptop, ipad, pda, cell phone, flash drive) that is used for collecting, storing, or communicating restricted data must be encrypted- no exceptions. • Use of Social Security Numbers requires Privacy Office written permission.

  11. Hazard Number Five Identity Theft • Red Flag Rules for credit cards and financial data • Payment Credit Industry Data Security Standards Phishing scams • ALWAYS be suspicious • UF will NEVER ask you for your password • Never share your password with ANYONE • Verify the information in the email by calling the UF Computing Help Desk, 392-HELP • For more tips, visit http://security.it.ufl.edu/

  12. Potholes and Patches • Training Opportunities: • “Privacy and Student Records in the Sunshine State” • Social Security Number Training • Red Flag Rules • HIPAA General Awareness or HIPAA for Researchers • Security: Restricted Data Training • Security: Cyber Self-Defense

  13. Potholes and Patches No antivirus software or software isn’t current • McAfee VirusScan is free for work and home http://software.ufl.edu/mcafee Computer updates are not current • Secunia Personal Software Inspector (PSI) • http://secunia.com/psi

  14. Potholes and Patches Portable devices and media • Encryption • PGP Whole Disk Encryption http://infosec.ufl.edu/itworkers/pgp/ • Loss and theft protection • FrontDoorSoftware http://www.frontdoorsoftware.com/ufl/

  15. When in Doubt … • Privacy: Susan Blair 273-1212 sablair@ufl.edu • Information Security Rob Adams 273-1788 rob@ufl.edu

More Related