new faculty orientation to privacy and security at uf
DESCRIPTION
New Faculty Orientation to Privacy and Security at UF. Susan Blair, Chief Privacy Officer Kathy Bergsma, Information Security. Privacy: Not Alphabet Soup …. COPPA. facta. GLBA. CFAA. HIPAA. DPPA. ADA. ITADA. The Privacy Act. FERPA. TCFAPA. ECPA. CPNI. pcidss. RED FLAGS. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/1.jpg)
New Faculty Orientation to Privacy and Security at UF
Susan Blair, Chief Privacy OfficerKathy Bergsma, Information Security
![Page 2: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/2.jpg)
Privacy: Not Alphabet Soup …
![Page 3: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/3.jpg)
Security: Not a Prison or a Fortress
![Page 4: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/4.jpg)
Restricted Data
• Restricted Data: – Information, which if disclosed to
unauthorized users, may have very significant adverse operational or strategic impact on an individual, a group or institution. This classification includes, but is not limited to, data restricted by law and legal contracts.
• Examples: – Personally Identifiable Information – SSNs,
FDLs, financial data– Medical Records– Student Records
![Page 5: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/5.jpg)
Information Highway “Danger Zones”
• Family Educational Rights and Privacy Act (FERPA): Student Records– Authorizes Secretary of Education to end all federal
funding if a university fails to comply with federal statute
• Health Insurance Portability & Accountability Act (HIPAA): Protected Health Information– Civil penalties and DOJ criminal prosecutions, which may
result in penalties and up to ten years of jail time
• Payment Credit Industry Data Security Standard (PCIDSS): Credit Card Information– Noncompliant entities may be fined $500,000 per
incident if cardholder information is compromised, and processing privileges may be revoked
![Page 6: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/6.jpg)
Hazard Number OneFailing to complete specific Privacy and Security general awareness trainings.– “Privacy and Student Records in the
Sunshine State”– HIPAA General Awareness or HIPAA
for Researchers– Security: Restricted Data Training– Security: Cyber Self-Defense
![Page 7: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/7.jpg)
Hazard Number Two
• Being a Faculty member does not entitle you to any and all student information.
• Share student records with individuals who have official need-to-know
• Grades, UFIDs, Student photos• Letters of Recommendations
![Page 8: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/8.jpg)
Hazard Number Three• Beware of including restricted data
in unsecure emails systems. Do not use personal email accounts (hotmail, gmail, yahoo, etc.)to receive or transmit restricted data.
• Adhere to UF’s Social Media Guidelines; do not disclose restricted information or talk about work related issues in blogs or on Facebook pages.
![Page 9: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/9.jpg)
Hazard Number Four
• Any portable device (i.e., laptop, ipad, pda, cell phone, flash drive) that is used for collecting, storing, or communicating restricted data must be encrypted- no exceptions.
• Use of Social Security requires Privacy Office written permission.
![Page 10: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/10.jpg)
Hazard Number Five
Identity Theft• Red Flag Rules for credit cards and financial
data• Payment Credit Industry Data Security
Standards
Phishing scams• ALWAYS be suspicious• UF will NEVER ask you for your password• Never share your password with ANYONE• Verify the information in the email by calling the
UF Computing Help Desk, 392-HELP• For more tips, visit http://security.it.ufl.edu/
![Page 11: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/11.jpg)
Potholes and Patches
• Training Opportunities:– “Privacy and Student Records
in the Sunshine State”– Social Security Number
Training– Red Flag Rules– HIPAA General Awareness or
HIPAA for Researchers– Security: Restricted Data
Training– Security: Cyber Self-Defense
![Page 12: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/12.jpg)
Potholes and Patches
No antivirus software or software isn’t current• McAfee VirusScan is free for
work and homehttp://software.ufl.edu/mcafee
Computer updates are not current• Secunia Personal Software Inspector
(PSI)– http://secunia.com/psi
![Page 13: New Faculty Orientation to Privacy and Security at UF](https://reader035.vdocuments.net/reader035/viewer/2022062517/568138e7550346895da09961/html5/thumbnails/13.jpg)
Potholes and Patches
Portable devices and media• Encryption– McAfee Endpoint Protection
http://software.ufl.edu/mcafee
• Loss and theft protection– FrontDoorSoftware
http://www.frontdoorsoftware.com/ufl/