OUTLINE AND OBJECTIVES

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "OUTLINE AND OBJECTIVES"

Transcription

1 BYOD in the Federal Workplace: Privacy Considerations and Case Studies Moderator: Alex Tang, Attorney, Office of General Counsel, Federal Trade Commission (FTC) Panelists: Kimberly Hancher, Chief Information Officer (CIO), Equal Employment Opportunity Commission (EEOC) Jack Gabriel, Director, Operations Assurance, Office of the CIO, FTC IAPP Gov t Series Washington, DC (Wed., December 3, 2013) Disclaimer: The views expressed are solely those of the presenters and not of their employing agencies or the U.S. Gov t. OUTLINE AND OBJECTIVES By the end of this session you should know: The privacy issues associated with monitoring or collection of bring your own device (BYOD) data of employee users The risks of collection, storage, transmission and processing of program PII (other employees or members of public) on personal devices Common strategies/technologies for managing and segregating personal and work PII on BYOD Some special questions to ask in a PIA for BYOD How to address BYOD in your breach notification plan What goes in your BYOD procedures and rules of behavior How and when to providing privacy, whistleblower or other required notices, banners, etc. Where to find official guidance and best practices (resources) 1

2 BYOD AND EMPLOYEE PRIVACY In a survey of people who use personal devices (smartphones, tablet) for work 82% believed the ability to be tracked is an invasion of their privacy 72% would not give their employer access to view what applications are installed on their personal devices 75% would not allow their employer to install an app that would let the employer locate them in exchange for access to corporate resources 82% were concerned/extremely concerned about their employer tracking the Web sites they visited on non-work time 86% were concerned/extremely concerned about unauthorized deletion of their personal pictures, music, profiles Source: Harris Interactive and Fiberlink, July 2012 BYOD AND EMPLOYEE PRIVACY Personal device data and functions Geolocation (GPS) Text messages (SMS), Other Web/Internet surfing data Device controls (camera, mic, on/off, sensors) Address book ( addresses, phone numbers) Photos, music, video, other files or data Apps and apps inventory Government workplace privacy ( reasonableness of search test) 1987: O Connor v. Ortega (employee s office) 2010: Ontario v. Quon (employee s pager) Cf. 2013: Lazette v. Kalmatycki (former employee s Webmail through mobile device) (ECPA) 2

3 BYOD PRIVACY RISKS Agency officials or staff may collect employee PII or monitor their activities in violation of the Constitution (personal liability), Privacy Act of 1974 (unauthorized data collection and creation of records systems), and Electronic Communications Privacy Act (ECPA) (stored communications) Agency may violate provisions in appropriations law and OMB policy prohibition on Internet tracking Employee PII (and their devices) may become subject to FOIA or e- discovery, requiring agency to take/request custody of device (e.g., if required by court order) Increased risk of unauthorized or inappropriate disclosure or sharing of program PII from a personal device (e.g., employees mixing work and socializing, or doing PII work in insecure locations) Employee may lend personal device to family, friends (increased risk of loss of device, or unintended access to program PII via device) Employee may compromise security on the device (e.g., jailbreaking, downloading malicious apps, peer-to-peer software, lax passwording) Agency may need to wipe the device if there is a security incident COMMON BYOD STRATEGIES Virtualization (remote access to computing resources) Example: Alcohol & Tobacco Tax & Trade Bureau (TTB) virtual desktop solution. Device is a thin client. No data touches the end user device. Readily accommodates new devices as they come to market No need for mobile device management (MDM) app 3

4 COMMON BYOD STRATEGIES Walled garden (secure app on device to contain data or application processing) Example: EEOC, cloud-based software-as-a-service to wirelessly synchronize , calendars, contacts + MDM services, requires use of $5 app (itunes/android Market) Some solutions may allow users to work offline with Government data COMMON BYOD STRATEGIES Limited separation (allow commingling of personal and organization s data or application processing, with policies enacted to ensure minimum security controls are still satisfied) 4

5 COMMON BYOD STRATEGIES Question 1: Which strategy is likely to be most privacy-friendly? Question 2: Which strategy is likely to be most user-friendly (best user experience)? BYOD PIA As a privacy official, be involved in choosing the BYOD solution (e.g., acquisitions planning), not just flagging privacy issues Privacy needs to be balanced with user experience and the organization s needs Privacy issues must be considered in pilot testing, not just in full production and implementation 5

6 BYOD PIA Employee PII Under what circumstances could users devices be monitored or data collected? Who will have such access within and outside the agency (e.g., MDM provider)? When and why (i.e., for what uses/purposes)? With whom else will it or could it be shared? How long will it be kept? To what extent, if any, can employees opt-out (e.g., do MDM or native device settings permit users to turn off or block collection of their personal PII selectively or entirely) BYOD PIA Program PII Where will the PII live (e.g., agency server, cloud, user device)? Could third parties obtain access to this PII? MDM provider? Wireless carrier? Can users circumvent or undercut security controls and how can this risk be prevented or mitigated? Is some data too sensitive to be handled through BYOD? Will employees use their devices to collect program PII from members of the public, which may raise certain additional privacy issues (e.g., giving respondents Privacy Act notice orally, is it a new data collection activity that may expand a Privacy Act system or create a new one)? What happens to any program data on the device (including any PII) after the employee leaves the agency? 6

7 BYOD BREACH PLAN When and what BOYD incidents must be reported? (May depend on whether agency data are stored on the device or elsewhere.) Special procedures for reporting breaches when on the road, since the user may not be in a convenient location to report immediately? BYOD PROCEDURES Create/revise written procedures and policies (e.g., IT security, Privacy Act system notices, records management, e- discovery, personnel (e.g., define when disciplinary or enforcement action may be taken, check-out procedures), BYOD Intranet page) Conduct user training and orientation Will Help Desk need to support device? Union consultation/clearance Acquisitions Contractor BYOD (do contractor staff also use personal devices to collect, store, process PII for the agency?) MDM contract terms (to limit access to agency data) Employee rules of behavior (ROB) Privacy and other notices/banners 7

8 EMPLOYEE ROB What expectation of privacy, if any? Consent to monitoring or data collection, use, etc. Security requirements, prohibitions (on certain downloads, circumvention, unauthorized copying/transfer of agency data including program PII, etc.) Breach notification procedure Discipline or other sanctions or consequences Remote wipe or requiring user to provide device to agency (e-discovery, FOIA, incidents, upon separation) Training requirement Appropriate uses Privacy Act (e)(3) statement (for the ROB itself) NOTICES/BANNERS Privacy Act (on ROB, when device used to collect PII from individuals) EGOV PIA Whistleblower Act disclaimer (nondisclosure forms, policies, agreements) Login banners (EINSTEIN, etc.) 8

9 BYOD RESOURCES BYOD Toolkit (White House, 8/23/2012) Nat l Institute of Standards and Technology (NIST) guidance on remote computing security (e.g., NIST SP rev. 1, June 2013) IAPP Web site (workplace privacy, BYOD) Q&A TIME Kimberly Hancher (EEOC) BYOD in place Jack Gabriel (FTC) currently using agency-issued mobile devices, currently exploring BYOD 9

Legal Environment for Federal BYOD

Legal Environment for Federal BYOD Legal Environment for Federal BYOD AMARC Workshop: Developing a BYOD Framework Federal Mobile Computing Summit (Washington, DC) Thursday, March 6, 2014, 9am-12pm Alex Tang, Attorney Office of General Counsel,

More information

The BYOD Challenge. Noel A. Nazario Senior Manager, Ernst & Young. ISACA NCAC Emerging Technology Conference 20 November 2012

The BYOD Challenge. Noel A. Nazario Senior Manager, Ernst & Young. ISACA NCAC Emerging Technology Conference 20 November 2012 The BYOD Challenge Noel A. Nazario Senior Manager, Ernst & Young ISACA NCAC Emerging Technology Conference 20 November 2012 Disclaimer The methods and approaches discussed are intellectual property of

More information

Security and Privacy Considerations for BYOD

Security and Privacy Considerations for BYOD Security and Privacy Considerations for BYOD Carol Woodbury, President SkyView Partners, Inc 1 Introduction The world of BYOD (Bring Your Own Device) is rapidly expanding. You may not think it s happening

More information

Practical Legal Aspects of BYOD

Practical Legal Aspects of BYOD Practical Legal Aspects of BYOD SESSION ID: LAW-F01 Lawrence Dietz General Counsel & Managing Director TalGlobal Corporation ldietz@talglobal.net +1 408 993 1300 http://psyopregiment.blogspot.com Francoise

More information

Creating a Bulletproof BYOD (Bring Your Own Device) Policy for Personal Devices At Work

Creating a Bulletproof BYOD (Bring Your Own Device) Policy for Personal Devices At Work Creating a Bulletproof BYOD (Bring Your Own Device) Policy for Personal Devices At Work FEATURED FACULTY: Amy F. Melican, Associate, Proskauer 212.969.3641 AMelican@proskauer.com Traci Clements, Attorney,

More information

Mobile Devices in the Workplace: What Every Employer Needs to Know

Mobile Devices in the Workplace: What Every Employer Needs to Know Mobile Devices in the Workplace: What Every Employer Needs to Know Presented by: Shannon Huygens Paliotta Senior Associate, Littler Mendelson, P.C. spaliotta@littler.com (412) 201-7631 Marcy McGovern Knowledge

More information

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program

More information

County of Grande Prairie - Information Systems

County of Grande Prairie - Information Systems County of Grande Prairie - Information Systems Title [Systems] [BRING YOUR OWN DEVICE - BYOD] - Procedure Location Buddie Systems and HR Documents Approved by Natalia Madden Collaborators Sophie Mercier,

More information

BRING YOUR OWN DEVICE

BRING YOUR OWN DEVICE BRING YOUR OWN DEVICE A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs AUGUST 2012 Product of the Digital Services Advisory Group and Federal Chief Information Officers

More information

Federal Trade Commission Privacy Impact Assessment. Conference Room Scheduling PIA

Federal Trade Commission Privacy Impact Assessment. Conference Room Scheduling PIA Federal Trade Commission Privacy Impact Assessment Conference Room Scheduling PIA July 2014 1. System Overview The Federal Trade Commission (FTC) uses conference spaces in various FTC facilities and FTC-leased

More information

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida 2015 SCCE Compliance & Ethics Institute Wednesday, October 7, 2015 (10:00 11:45) Session W14 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks, and

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Privacy Impact Assessment

Privacy Impact Assessment MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT

More information

PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014

PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014 PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014 Baron Rodriguez, PTAC Director Mike Tassey, PTAC Security Consultant Today s Presentation Toolkit for the school districts overview

More information

Mobile Device Management

Mobile Device Management 1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating

More information

Bring Your Own Device (BYOD) and Mobile Device Management

Bring Your Own Device (BYOD) and Mobile Device Management Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect

More information

Adams County, Colorado

Adams County, Colorado Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents

More information

Federal Trade Commission. Privacy Impact Assessment. Mobile Device Management System

Federal Trade Commission. Privacy Impact Assessment. Mobile Device Management System Federal Trade Commission Privacy Impact Assessment Mobile Device Management System February 2015 1 1. Overview The FTC Mobile Device Management (MDM) System includes three separate components that provide

More information

BYOD Policy for [AGENCY]

BYOD Policy for [AGENCY] BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein

More information

Southwest Airlines 2013 Terms of Use Portable Devices Feb 2013

Southwest Airlines 2013 Terms of Use Portable Devices Feb 2013 1 TERMS OF USE As of February 3, 2013 The following terms and conditions of use ( Terms of Use ) form a legally binding agreement between you (an entity or person) and Southwest Airlines Co. ( Southwest

More information

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect

More information

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,

More information

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section

More information

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal

More information

USE AND MONITORING OF DOJ COMPUTERS AND COMPUTER SYSTEMS

USE AND MONITORING OF DOJ COMPUTERS AND COMPUTER SYSTEMS DOJ 2740.1A Change 1 Approval Date: November 30, 2010 Approved By: Lee J. Lofthus ~~ Assistant Attorney General ~~-. for Administration Initiated by: Justice Management Division Off of General Counsel

More information

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

Bring Your Own Device Security and Privacy Legal Risks

Bring Your Own Device Security and Privacy Legal Risks Bring Your Own Device Security and Privacy Legal Risks Introduction Information Law Group, LLP National boutique firm with focus on information law Experienced, nationally-recognized privacy, technology,

More information

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

A Bring Your Own Device (BYOD) Overview

A Bring Your Own Device (BYOD) Overview A Bring Your Own Device (BYOD) Overview As Presented At AMARC Workshop: Developing A BYOD Framework March 6, 2014 All copyrightable text and graphics, the selection, arrangement, and presentation of all

More information

Federal Trade Commission Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment Federal Trade Commission Privacy Impact Assessment for the: StenTrack Database System September, 2011 1 System Overview The Federal Trade Commission (FTC) protects America s consumers. As part of its work

More information

Successful ediscovery in a Bring Your Own Device Environment

Successful ediscovery in a Bring Your Own Device Environment IT@Intel White Paper Intel IT IT Best Practices IT Governance and IT Consumerization June 2012 Successful ediscovery in a Bring Your Own Device Environment Executive Overview Close collaboration between

More information

Bring Your Own Device. Individual Liable User Policy Considerations

Bring Your Own Device. Individual Liable User Policy Considerations Bring Your Own Device Individual Liable User Contents Introduction 3 Policy Document Objectives & Legal Disclaimer 3 Eligibility Considerations 4 Reimbursement Considerations 4 Security Considerations

More information

Bring Your Own Device Mobile Security

Bring Your Own Device Mobile Security Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.

More information

Use of tablet devices in NHS environments: Good Practice Guideline

Use of tablet devices in NHS environments: Good Practice Guideline Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood

More information

Privacy Impact Assessment

Privacy Impact Assessment Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief

More information

Adapting to a Mobile World

Adapting to a Mobile World Adapting to a Mobile World Kimberly Hancher Chief Information Officer U.S. Equal Employment Opportunity Commission March 2014 STATUS OF MOBILITY IN GOVERNMENT According to Mobile Work Exchange research:

More information

trends and audit considerations

trends and audit considerations Bring your own device (BYOD) trends and audit considerations SIFMA IT audit session 4 October 2012 Disclaimer Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited,

More information

A LEGAL PERSPECTIVE OF BYOD Building Awareness to Enable BYOD and Mitigate Its Risks. By Michael Finneran and Jim Brashear January 2014

A LEGAL PERSPECTIVE OF BYOD Building Awareness to Enable BYOD and Mitigate Its Risks. By Michael Finneran and Jim Brashear January 2014 A LEGAL PERSPECTIVE OF BYOD Building Awareness to Enable BYOD and Mitigate Its Risks By Michael Finneran and Jim Brashear January 2014 What to Consider In managing the Bring-Your-Own-Device (BYOD) strategy

More information

BYOD BEST PRACTICES GUIDE

BYOD BEST PRACTICES GUIDE BYOD BEST PRACTICES GUIDE 866.926.8746 1 www.xantrion.com TABLE OF CONTENTS 1 Changing Expectations about BYOD... 3 2 Mitigating the Risks... 4 2.1 Establish Clear Policies and Expectations... 4 2.2 Create

More information

Use of Mobile Apps in the Workplace:

Use of Mobile Apps in the Workplace: Use of Mobile Apps in the Workplace: PRIVACY & SECURITY ADAM D.H. GRANT AGRANT@ALPERTBARR.COM Cell Phone & Tablet Ownership 91% of American adults own a cell phone 56% have smartphones Of Americans aged

More information

Android Developer Applications

Android Developer Applications Android Developer Applications January 31, 2013 Contact Departmental Privacy Office U.S. Department of the Interior 1849 C Street NW Mail Stop MIB-7456 Washington, DC 20240 202-208-1605 DOI_Privacy@ios.doi.gov

More information

The CIO s Guide to HIPAA Compliant Text Messaging

The CIO s Guide to HIPAA Compliant Text Messaging The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially

More information

Bring Your Own Devices (BYOD) Information Governance Guidance

Bring Your Own Devices (BYOD) Information Governance Guidance Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations considering whether to enable the use of Bring

More information

PEER-TO-PEER FILE SHARING POLICY

PEER-TO-PEER FILE SHARING POLICY 1.0 Overview The purpose of this Policy is to detail the University s plans to effectively combat the unauthorized distribution of copyrighted material by users of the Information Technology Resources,

More information

Bring Your Own Devices (BYOD) Information Governance Guidance

Bring Your Own Devices (BYOD) Information Governance Guidance Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own

More information

Standard Operating Procedure Information Security Compliance Requirements under the cabig Program

Standard Operating Procedure Information Security Compliance Requirements under the cabig Program Page 1 of 9 Pages Standard Operating Procedure Information Security Compliance Requirements under the cabig Program This cover sheet controls the layout and components of the entire document. Issued Date:

More information

DUUS Information Technology (IT) Acceptable Use Policy

DUUS Information Technology (IT) Acceptable Use Policy DUUS Information Technology (IT) Acceptable Use Policy Issue Date: October 1, 2013 Effective Date: October 1, 2013 Revised Date: Number: DHHS-2013-002 1.0 Purpose and Objectives The purpose of this policy

More information

Kony Mobile Application Management (MAM)

Kony Mobile Application Management (MAM) Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview

More information

Insert Partner logo here. Financial Mobility Balancing Security and Success

Insert Partner logo here. Financial Mobility Balancing Security and Success Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.

More information

CONSUMERIZATION OF IT BYOD and Cloud-based File Storage

CONSUMERIZATION OF IT BYOD and Cloud-based File Storage CONSUMERIZATION OF IT BYOD and Cloud-based File Storage Moderator: John Payne, Principal Consultant, Pueblo Technology Group, Inc. Speakers: Royce Holden, Director of Information Technology, Greater Asheville

More information

Data Security in a Mobile, Cloud-Based World

Data Security in a Mobile, Cloud-Based World Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1 Trends Mobile Has Taken Over Trend #1 2 3 450 million users worldwide Adopted

More information

A White Paper from AccessData Group. The Future of Mobile E-Discovery

A White Paper from AccessData Group. The Future of Mobile E-Discovery A White Paper from AccessData Group The Future of Mobile E-Discovery Contents 1. The changing landscape of e-discovery 2. New expectations in the courtroom 3. Mobile discovery within corporations 4. MPE+

More information

Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements. Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP

Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements. Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP Agenda Communicating with Patients Security Rule compliance

More information

A White Paper from AccessData Group. The Future of Mobile E-Discovery

A White Paper from AccessData Group. The Future of Mobile E-Discovery A White Paper from AccessData Group The Future of Mobile E-Discovery Contents 1. The changing landscape of e-discovery 2. New expectations in the courtroom 3. Mobile discovery within corporations 4. MPE+

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch

More information

BRING YOUR OWN DEVICE

BRING YOUR OWN DEVICE BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Bring Your Own Device Policy

Bring Your Own Device Policy Bring Your Own Device Policy Purpose of this Document This document describes acceptable use pertaining to using your own device whilst accessing University systems and services. This document will be

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

MOBILE DEVICE SECURITY POLICY

MOBILE DEVICE SECURITY POLICY State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois Department of Central Management Services Bureau of Communication and Computer

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

Asset Management In A Consumerized World

Asset Management In A Consumerized World Asset Management In A Consumerized World Generously sponsored by: August 28, 2012 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Allan Wall ISSA Web Conference Committee

More information

Utica College. Information Security Plan

Utica College. Information Security Plan Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles

More information

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING

ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

MOBILE DEVICE MANAGEMENT (MDM)

MOBILE DEVICE MANAGEMENT (MDM) PRODUCT DESCRIPTION Product Number: 0.0.0 MOBILE DEVICE MANAGEMENT (MDM) Effective Date: Month 00, 0000 Revision Date: Month 00, 0000 Version: 0.0.0 Product Owner: Product Owner s Name Product Manager:

More information

Corporate Mobile Policy Template

Corporate Mobile Policy Template Updated July 2011 Three major changes have occurred over the past 18 months that require updates to your organization s mobile policy. These changes include widespread adoption of tablet devices, changes

More information

INFORMATION SECURITY Humboldt State University

INFORMATION SECURITY Humboldt State University CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of

More information

Information Security Program Management Standard

Information Security Program Management Standard State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS Clarissa Cerda, EVP, Chief Legal Officer and Secretary, LifeLock Kimberly Cilke, CIPP/US Deputy General Counsel, GoDaddy.com Timothy Sparapani

More information

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9 1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless

More information

HIPAA Requirements and Mobile Apps

HIPAA Requirements and Mobile Apps HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,

More information

Federal Trade Commission Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

www.fedtechmagazine.com/article/2012/05/locking-down-byod

www.fedtechmagazine.com/article/2012/05/locking-down-byod CASE STUDIES TACTICAL ADVICE RESOURCES Infrastructure Optimization Security Storage Networking Mobile & Wireless Hardware & Software Management CURRENT ISSUE Subscribe 1/8 5 Next Level Data Consolidation

More information

EXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader

EXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader EXECUTIVE DECISION NOTICE SERVICE AREA: SUBJECT MATTER: DECISION: DECISION TAKER(S): DESIGNATION OF DECISION TAKER(S): GOVERNANCE ICT, Communications and Media PERSONAL DEVICE POLICY That the Personal

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

Mobile Device Security Risks and RemediaAon Approaches

Mobile Device Security Risks and RemediaAon Approaches Mobile Device Security Risks and RemediaAon Approaches Raj Chaudhary, Principal, Crowe Horwath LLP In- Depth Seminars D11 CRISC CGEIT CISM CISA Informal Poll What is your Atle/role? Internal Audit IT Audit

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

Network Security Policy

Network Security Policy Network Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS

More information

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS V. POLICY VI. RESPONSIBILITIES

More information

BYOD: Bring your own device

BYOD: Bring your own device FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE, MINING AND COMMODITIES TRANSPORT TECHNOLOGY AND INNOVATION PHARMACEUTICALS AND LIFE SCIENCES BYOD: Bring your own device How to make BYOD a PLUS, not a RISK

More information

Federal Trade Commission Privacy Impact Assessment. for the: Secure File Transfer System

Federal Trade Commission Privacy Impact Assessment. for the: Secure File Transfer System Federal Trade Commission Privacy Impact Assessment for the: Secure File Transfer System June 2011 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal

More information

03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement

03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement Bring Your Own Device: A Framework for Audit Emily A Knopp, CPA, CISA Audit Director Angelo State University, Member of Texas Tech University System March 6, 2014 Texas Association of College of University

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

OCR UPDATE Breach Notification Rule & Business Associates (BA)

OCR UPDATE Breach Notification Rule & Business Associates (BA) OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Securing Health Data in a BYOD World

Securing Health Data in a BYOD World BUSINESS WHITE PAPER Securing Health Data in a BYOD World Five strategies to minimize risk Securing Health Data in a BYOD World Table of Contents 2 Introduction 3 BYOD adoption drivers 4 BYOD security

More information

Policy Outsourcing and Cloud Based File Sharing

Policy Outsourcing and Cloud Based File Sharing Policy Outsourcing and Cloud Based File Sharing Version 3.1 TABLE OF CONTENTS Outsourcing Policy... 2 Outsourcing Management Standard... 2 Overview... 2 Standard... 2 Outsourcing Policy... 3 Policy Statement...

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

Questions And Answers. Electron ic Monitoring in the Workplace

Questions And Answers. Electron ic Monitoring in the Workplace Questions And Answers Electron ic Monitoring in the Workplace Kevin J. Smith and Rachel J. Tischler Employers and employment attorneys alike have been concerned about the legal limits of electronic monitoring

More information

Don t Let A Security Breach Put You Out of Business

Don t Let A Security Breach Put You Out of Business Don t Let A Security Breach Put You Out of Business Committed to providing you with the most innovative security and privacy solutions. www.boomtechit.com Bring Your Own Device (BYOD) and Mobile Device

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 )

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 ) Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 ) Overview: The Bring Your Own Device (BYOD) program allows employees to use their own computing

More information

E-Mail Secure Gateway (EMSG)

E-Mail Secure Gateway (EMSG) for the E-Mail Secure Gateway (EMSG) DHS/ALL/PIA-012(b) February 25, 2013 Contact Point David Jones MGMT/OCIO/ITSO/ESDO DHS HQ (202) 447-0167 Reviewing Official Jonathan R. Cantor Acting Chief Privacy

More information

CITY OF PORTLAND HUMAN RESOURCES ADMINISTRATIVE RULES EMPLOYEE BEHAVIOR &EXPECTATIONS 4.08 INFORMATION TECHNOLOGIES

CITY OF PORTLAND HUMAN RESOURCES ADMINISTRATIVE RULES EMPLOYEE BEHAVIOR &EXPECTATIONS 4.08 INFORMATION TECHNOLOGIES CITY OF PORTLAND HUMAN RESOURCES ADMINISTRATIVE RULES EMPLOYEE BEHAVIOR &EXPECTATIONS 4.08 INFORMATION TECHNOLOGIES Purpose The City of Portland provides information technologies to its employees to use

More information