Protecting MIT Data. State Laws & Regulations. T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia

Size: px
Start display at page:

Download "Protecting MIT Data. State Laws & Regulations. T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia"

Transcription

1 Protecting MIT Data T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia State Laws & Regulations General Laws, Chapter 93H: Massachusetts Data Breach Law, outlines when to notify (2007) 201 CMR 17.00: Regulations for Massachusetts Data Breach Law (2010)

2 Federal Laws FERPA - Family Educational Rights & Privacy Act PCI-DSS - Payment Card Industry Data Security Standards HIPAA - Health Insurance Portability & Accountability Act GLBA - Gramm Leach Bliley Act MIT Policies MIT Policy 11.0 on Privacy & Disclosure of Information MIT Policy 13.2 on Use of Information Technology FACTA Red Flag Rules - MIT Identity Theft Prevention Program

3 PIRN PIRN = Personal Information Requiring Notification Social Security Numbers Driver s Licenses Health Records (PCI) Credit Card & Bank Account Numbers WISP WISP = Written Information Security Program Applies to any area where PIRN is reviewed, manipulated, deleted or stored Outlines roles for Business Process Owners and System Owners defining how to protect data in their stewardship web.mit.edu/infoprotect/wisp

4 Where MIT has PIRN Human Resources (Benefits, SAP, Data Warehouse, etc) Student Services (Admissions, SFS, Registrar, etc) Financial (Payroll, Accounts Payable, Procurement, etc) Medical (MIT Medical, Benefits) Where MIT has PIRN (cont.) IT (Enterprise Systems, Departmental Databases, etc) MIT Merchants accepting credit cards DLC Administration Academic & Research Areas

5 Finding the Data If you don t know where it is, you can t protect it. Search Data Tool Identity Finder - runs and reports back any sensitive data it finds, and lets user take appropriate action

6 Identity Finder Seeks: passwords, social security numbers, credit card numbers, bank account numbers Actions: redact, shred, encrypt

7

8 Protecting PIRN in DUE/DSL Our Collective Responsibility

9 Methods employed to protect data General Computer Policies OS/Security updates and patches applied Virus Protection/Firewalls turned on Required Login Eraser (PC); Secure Empty Trash (Mac) Laptop Policies/Requirements STOP! security tags Security cables Behavioral Change: Consistent use of security cables PGP Whole Disk Encryption Behavioral Change: No traveling in sleep mode Using Identity Finder in DUE/DSL Staff are required to run Identity Finder at least once a month (more often as determined by the dept. head). Staff must eliminate or secure sensitive data. Staff may not choose ignore for any occurrences of sensitive data. An action to remove or secure is required. To retain PIRN staff may need authorization from their dept. head or manager.

10 DUE/DSL Staff Guidelines Any suspicion of a virus infection must be reported immediately - no waiting. Stop using the computer. Disconnect the ethernet cable or disable wireless (Stop the network traffic.) Leave the computer on so IT staff can view the behavior. 19 Locking Down the Data If you can t protect it, don t collect it.

11 Encryption PGP Desktop Whole Disk Encryption - protects hard disk when computer is turned off PGP Desktop Installation Misconceptions / caveats Support

12 Minimizing the Data You can t lose what you don t have. Redaction Removing the sensitive bits from Excel, Word, FileMaker, PDF files When the data is not necessary to run tasks

13 Secure Delete Macs have secure deletion built in: secure empty trash or Disk Utility PCs can use third-party software: PGP Shred, Eraser, DBAN, etc Services for IT asset disposal IT Asset Disposition

14 PRODUCT PROCUREMENT REVERSE SUPPLY CHAIN SOLUTIONS IT ASSET DISPOSITION IT Asset Disposition Massachusetts Institute of Technology Agenda Who is Converge Protecting the MIT Brand and MIT s Data Converge - Asset Manager Remarketing and revenue generation Ease of doing business 28

15 Converge Global Headquarters 4 Technology Drive Peabody, Massachusetts United States 29 Arrow Electronics & Converge Founded in 1935, incorporated in 1946, public in 1961 New York Stock Exchange: ARW 2009 Sales: 14.7 billion Fortune 500 ranking of 151 Worldwide presence: in 51 countries and over 350 locations Over 11,300 employees Worldwide customers 125,000 Corporate Headquarters: Melville, New York 30

16 Converge ITAD Objectives ITAD Objectives For Our Clients: 1) Mitigate Data Security Risks 2) Ensure Environmental Compliance 3) Optimizing the disposition of end-of-life technology - Maximize value - Minimize costs Converge s goal is to protect Clients brand names from costly fines, penalties and/or litigation due to a data security breach or environmental non-compliance. 31 Converge IT Asset Disposition (ITAD) Full suite of secure, compliant end-of-life IT asset disposition services Global coverage Secure transportation Data security: erasure & destruction Environmental compliance / recycling Remarketing of systems and components Redeployment / donations Lease return services Reporting Exclusive Web-based Asset Manager system allows client to securely manage their ITAD program in real time - from pickup to final disposition 32

17 Strict Recycling Policy Utilize only EPA-recognized e-waste disposal methods and provide certification that all materials have been processed in an environmentally compliant manner following our electronic waste recycling policy: Zero landfill Zero incineration Zero waste exported Reuse of all reclaimed base materials Certificates of recycling are issued to demonstrate that assets have been properly disposed of and recycled. 33 Certifications ISO9001 ISO14001 OHSAS18001 Health & Safety ANSI/ESD S20.20 Electronics Discharge Certified Customs-Trade Partnership Against Terrorism International Association of IT Asset Managers Member Microsoft Registered Refurbisher Certifications In Process National Association of Information Destruction Responsible Recycling IDC G.R.A.D.E. Green Recycling and Asset Disposal for the Enterprise 34

18 Comprehensive ITAD Services Logistics: Scheduling Onsite preparation, packing, and palletizing Secure transportation Ensure import/export compliance Processing: Asset registration and sanitization Data erasure / hard drive shredding Testing 35 Disposition Methods Utilized: Asset remarketing Donation services Re-deployment services Complaint recycling (zero landfill,zero e-waste export) Lease return services Asset Manager Tracking System Secure, web-based scheduling, tracking, and reporting Real-time chain-of-custody tracking Easy to use search tools Asset level reporting Compliance documents Certificate of Recycling Certificate of Destruction Certificate of Erasure Certificate of Donation Over 50 standard reports Customized reporting available Global view 24x7x365 36

19 Questions? 37 Thanks for your time today! Please call me with any questions or to schedule a Converge Asset Manager Demonstration Bob DiMattia Robert.dimattia@converge.com work cell 38

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Arrow IT Asset Disposition Trends Report

Arrow IT Asset Disposition Trends Report IT Asset Disposition ITAD Trends Report Arrow IT Asset Disposition Trends Report The data is in, and IT-industry practitioners have made it clear that concern over data security is the number one reason

More information

TABLE OF CONTENTS MRK GROUP LTD CAPABILITIES 2 GSA AWARDED TERMS AND CONDITIONS 3 AWARDED GSA PRICE LIST 6

TABLE OF CONTENTS MRK GROUP LTD CAPABILITIES 2 GSA AWARDED TERMS AND CONDITIONS 3 AWARDED GSA PRICE LIST 6 GENERAL SERVICES ADMINISTRATION FEDERAL SUPPLY SERVICE 899-ENVIRONMENTAL SERVICES AUTHORIZED FEDERAL SUPPLY SCHEDULE PRICE LIST On-line access to contract ordering information, terms and conditions, up-to-date

More information

A Guide to Minimizing the Risk of IT Asset Disposition

A Guide to Minimizing the Risk of IT Asset Disposition A Guide to Minimizing the Risk of IT Asset Disposition Who is concerned about risk? They may not think about it terms of risk, but almost everyone at your organization is worried about the chinks in its

More information

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail. Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20

More information

Building an ITAD Program:

Building an ITAD Program: Building an ITAD Program: What Your Company Needs To Know By: Integrated Communications & Technologies Contents 3 4 6 7 8 9 Introduction Understanding The Concepts of IT Asset Disposition Evaluating by

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

Secure Mobile Shredding and. Solutions

Secure Mobile Shredding and. Solutions Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled

More information

Table of Contents 01 How to minimize cost in the ITAD Process. 02 Four ways to maximize investment recovery

Table of Contents 01 How to minimize cost in the ITAD Process. 02 Four ways to maximize investment recovery IT Asset Manager s Guide to Disposition As the person accountable for managing the life cycle of your organization s IT assets, you have a number of unique concerns in regard to the disposition of those

More information

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number:

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number: State of Vermont Digital Media and Hardware Disposal Standard Date: Approved by: Policy Number: 1.0 INTRODUCTION... 3 1.1 Authority... 3 1.2 Scope and Purpose:... 3 2.0 STANDARD... 3 2.1 Preface... 3 2.2

More information

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER EXECUTIVE SUMMARY The combination of an increasingly mobile workforce and rapid technology innovation means organisations must work harder

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00 Client Advisory October 2009 Data Security Law MGL Chapter 93H and 201 CMR 17.00 For a discussion of these and other issues, please visit the update on our website at /law. To receive mailings via email,

More information

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and

More information

Information Security Policy

Information Security Policy Information Security Policy Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED

More information

E-waste Challenges & Solutions

E-waste Challenges & Solutions E-waste Challenges & Solutions December 2013 SIMS at a glance Global 6 continents, 46 countries Over 500,000 tonnes processed annually #11 on the list of Global 100 Most Sustainable Companies Quality ISO

More information

Page 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved.

Page 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved. Page 1 Page 2 Page 3 Agenda Defining the Massachusetts Personal Data Security Law Becoming Compliant Page 4 Massachusetts Privacy Law Defining the Massachusetts Personal Data Security Law - 201 CMR 17.00

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

Data Security for ITAD, Corporate & Consumer Electronics

Data Security for ITAD, Corporate & Consumer Electronics Up cy cle \ ŭp-sỳ-kil\ v (ca. 2011) 1. the action of giving devices a second life 2. the mission to keep electronics out of landfills 3. to fund important causes without writing a check 4. to nearly double

More information

Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS

Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

Responsibly Retiring IT Assets, Medical or Laboratory Equipment

Responsibly Retiring IT Assets, Medical or Laboratory Equipment Responsibly Retiring IT Assets, Medical or Laboratory Equipment Agenda Introductions David Zimet, President, Hesstech, LLC Industry Overview Key Issues When Retiring Electronic Equipment Data Security

More information

Value Recovery Enterprise IT Asset Disposition

Value Recovery Enterprise IT Asset Disposition Value Recovery Enterprise IT Asset Disposition arrowvaluerecovery.com Enterprise IT Asset Disposition The world of Five Years Out is all about new thinking, new materials, new standards New everything.

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

CENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE

CENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE IT ASSET DISPOSITION Technology is introduced to business workflows to increase productivity and boost earnings. When the time comes to remove off-lease and end-oflife IT assets, shouldn t those goals

More information

PII Personally Identifiable Information Training and Fraud Prevention

PII Personally Identifiable Information Training and Fraud Prevention PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

DOCUMENT CURRENT VENDORS AND CONTRACTS 2014 IT ASSET DISPOSITION PLAN

DOCUMENT CURRENT VENDORS AND CONTRACTS 2014 IT ASSET DISPOSITION PLAN DOCUMENT CURRENT VENDORS IT ASSET AND CONTRACTS DISPOSITION 2014 PLAN ASSESSMENT Organizations that lack an actively managed and well thought-out IT asset disposition (ITAD) program may be exposing themselves

More information

Value Recovery. arrow.com

Value Recovery. arrow.com Value Recovery arrow.com Value Recovery With Arrow Value Recovery, it s often not the end of a product s life it s the beginning of a different one. The world of Five Years Out is all about new thinking,

More information

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004) Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative

More information

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.

More information

Understanding Data Destruction and How to Properly Protect Your Business

Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business I. Abstract This document is designed to provide a practical

More information

Data Protection, Privacy and the Law. Presented for Data Privacy Month 2013 Presented by Tim Gurganus, OIT And Clifton Williams, OGC

Data Protection, Privacy and the Law. Presented for Data Privacy Month 2013 Presented by Tim Gurganus, OIT And Clifton Williams, OGC Presented for Data Privacy Month 2013 Presented by Tim Gurganus, OIT And Clifton Williams, OGC Payment Card Industry Data Security Standard (PCI-DSS) Protection of card holder data processed, stored or

More information

PII = Personally Identifiable Information

PII = Personally Identifiable Information PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization

More information

Smith College Information Security Risk Assessment Checklist

Smith College Information Security Risk Assessment Checklist Smith College Information Security Risk Assessment Checklist This form contains a checklist for individual data handlers who are conducting an information security risk assessment of their work environment.

More information

Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business

Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business Allow AMI to unlock the value in your redundant IT equipment by extending the lifecycle of your

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

Research Support Council (RSC) - What Data is Sensitive and How

Research Support Council (RSC) - What Data is Sensitive and How Research Support Council (RSC) - What Data is Sensitive and How Do We Keep it Private? John L. Baines, AD IT Policy & Compliance Tuesday, May 14, 2013 9:00 am 9:30 am Witherspoon Student Center John_Baines@ncsu.edu

More information

b. USNH requires that all campus organizations and departments collecting credit card receipts:

b. USNH requires that all campus organizations and departments collecting credit card receipts: USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System

More information

Rowan University Data Governance Policy

Rowan University Data Governance Policy Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data

More information

Asset Management Equipment Redeployment And Termination Services. A Service Offering From Data Center Assistance Group, Inc.

Asset Management Equipment Redeployment And Termination Services. A Service Offering From Data Center Assistance Group, Inc. DCAG Data Center Assistance Group, Inc. Revision Date: 5/20/2013 Asset Management Redeployment And Termination Services A Service Offering From Data Center Assistance Group, Inc. (DCAG) Prepared by: Thomas

More information

Critical Data Guide. A guide to handling critical information at Indiana University

Critical Data Guide. A guide to handling critical information at Indiana University Critical Data Guide A guide to handling critical information at Indiana University What is critical information? IU defines critical information as sensitive data requiring the highest level of protection.

More information

PCI Security Awareness for ECU Payment Card Merchants

PCI Security Awareness for ECU Payment Card Merchants PCI Security Awareness for ECU Payment Card Merchants Read this document carefully. Sign, date, and return the last page to your departmental PCI coordinator, who is required to store the documentation

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

HIPAA Training for Staff and Volunteers

HIPAA Training for Staff and Volunteers HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts

More information

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors

Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

Vulnerability Management Policy

Vulnerability Management Policy Vulnerability Management Policy Policy Statement Computing devices storing the University s Sensitive Information (as defined below) or Mission-Critical computing devices (as defined below) must be fully

More information

Information Security

Information Security IT Orientation at Penn Information Security October 21, 2015 Joshua Beeman University Information Security Officer jbeeman@isc.upenn.edu (215) 746-7077 www.upenn.edu/computing/security security@isc.upenn.edu

More information

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF Susan Blair Chief Privacy Officer Cheryl Granto Information Security Manager, UFIT Information Security RULES OF THE ROAD Information Highway Danger Zones

More information

Other terms are defined in the Providence Privacy and Security Glossary

Other terms are defined in the Providence Privacy and Security Glossary Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:

More information

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the

More information

Secure Data Destruction

Secure Data Destruction Secure Data Destruction Secure Data Elimination (Degauss) Onsite Magnetic Degaussing service eliminates data from Tape and Magnetic Hard Disk media Portable machines allow for degaussing to be competed

More information

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers

More information

Congregation Identity Theft Education Program

Congregation Identity Theft Education Program Congregation Identity Theft Education Program Definition - PII Personal Identity Information (PII) is defined as any data that can be used by a third party to steal an individual s or entity s identity

More information

IT Asset disposition services

IT Asset disposition services IT Asset disposition services Serverhuset help you do business while following the EU-directive on WEEE Table of contents We help our customers become more cost efficient and environmentally friendly by

More information

Data Security Standard (DSS) Compliance. SIFMA June 13, 2012

Data Security Standard (DSS) Compliance. SIFMA June 13, 2012 Payment Card Industry (PCI) Data Security Standard (DSS) Compliance SIFMA June 13, 2012 EisnerAmper Consulting Services Group Overview of EisnerAmper Fifth fhlargest accounting firm in the Metro New York

More information

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

Covered Areas: Those EVMS departments that have activities with Covered Accounts. I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information

CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information September 14, 2010 CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information 2010 Kroll Ontrack Inc. www.ontrackdatarecovery.com Agenda Introduction 1 Agenda Introduction

More information

POLICY ON COMPUTER PROVISIONING

POLICY ON COMPUTER PROVISIONING Effective Date: July 1, 2013 Supersedes /Amends: November 16, 2010 Originating Office: Office of the Vice-President, Services Policy Number: VPS-32 PURPOSE Client Computers (as defined below) are intended

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA PURPOSE PURPOSE This document provides guidance to offices about protecting sensitive customer and company information. The protection of Non-public Personal

More information

SecureD Technical Overview

SecureD Technical Overview WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

Waste, Not! Recovering Value from Unused and Surplus IT Assets

Waste, Not! Recovering Value from Unused and Surplus IT Assets Waste, Not! Recovering Value from Unused and Surplus IT Assets A CNE Direct Whitepaper Contents 2 Introduction 3 The Asset-Value Recovery Landscape 4 Five Steps to Maximizing Asset-Value Recovery 6 Conclusion

More information

County Identity Theft Prevention Program

County Identity Theft Prevention Program INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

MOBILE DEVICE SECURITY POLICY

MOBILE DEVICE SECURITY POLICY State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois Department of Central Management Services Bureau of Communication and Computer

More information

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding secure shredding Secure Shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Does This Sound Familiar? I want to protect my company s reputation and

More information

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

A LIST OF PRIVACY AND DATA SECURITY TRAINING REQUIREMENTS

A LIST OF PRIVACY AND DATA SECURITY TRAINING REQUIREMENTS A LIST OF PRIVACY AND DATA SECURITY TRAINING REQUIREMENTS HIPAA Privacy and Security Rules HIPAA s Privacy and Security Rules have extensive training requirements. HIPAA requires a covered entity to train

More information

Cyber, Security and Privacy Questionnaire

Cyber, Security and Privacy Questionnaire Cyber, Security and Privacy Questionnaire www.fbinsure.com Please note: This is an electronic application. When completed please save and email to: Ed McGuire emcguire@fbinsure.com Cyber, Security & Privacy

More information

IT Security & Compliance Risk Assessment Capabilities

IT Security & Compliance Risk Assessment Capabilities ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,

More information

Information Security

Information Security IT Orientation at Penn Information Security May 8, 2013 Joshua Beeman University Information Security Officer jbeeman@isc.upenn.edu (215) 746-7077 www.upenn.edu/computing/security security@isc.upenn.edu

More information

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services Destruction and Recycling Services An ISO 9002-compliant company Audited 100% data destruction and green recycling 2014 Commercial Catalog Edition 2014 www.cdrominc.com CD Rom, Inc. Table of Contents About

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS Data Law Group, P.C. Kari Kelly Deborah Shinbein YOU CAN T OUTSOURCE COMPLIANCE! Various statutes and regulations govern

More information

Value Recovery. arrow.com

Value Recovery. arrow.com Value Recovery arrow.com Value Recovery With Arrow Value Recovery, it s often not the end of a product s life it s the beginning of a different one. The world of Five Years Out is all about new thinking,

More information

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues Doing Business in Oregon Under the Oregon Consumer Identity Theft Protection Act and Related Privacy Risks Privacy Data Loss www.breachblog.com Presented by: Mike Porter March 10, 2009 2 Privacy Data Loss

More information

We are the solution. erecycling. We have the solution. made easy.

We are the solution. erecycling. We have the solution. made easy. We have the solution. erecycling made easy. Nowadays, business and technology go hand in hand. But what happens to those old or unwanted electronics? The answer, more often than not, is: nothing. We stack

More information

Appendix 1 Payment Card Industry Data Security Standards Program

Appendix 1 Payment Card Industry Data Security Standards Program Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Massachusetts Residents

Massachusetts Residents Identity Theft & Fraud Protection for Identity Theft & Fraud Protection for Massachusetts Residents Copyright Notice November 2009 Joe Burns All rights reserved This PowerPoint presentation is a part of

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Identity Theft Security and Compliance: Issues for Business

Identity Theft Security and Compliance: Issues for Business Identity Theft Security and Compliance: Issues for Business The Facts Six Common Uses for Stolen Information Financial Criminal Medical DMV Social Security Terrorist The Facts A Chronology of Data Breaches

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

JUST JUST WON T CUT IT. hen your PERSONAL SHREDDER. ShredStation Express. Thank You WON T CUT IT. when your JUST PERSONAL SHREDDER WON T CUT IT

JUST JUST WON T CUT IT. hen your PERSONAL SHREDDER. ShredStation Express. Thank You WON T CUT IT. when your JUST PERSONAL SHREDDER WON T CUT IT hen your Thank You for your interest in franchising ShredStation Express About Us ShredStation Express is a leader in residential and small business information destruction and recycling. Through its various

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security

More information

Fujitsu Asset Lifecycle Management Services

Fujitsu Asset Lifecycle Management Services Fujitsu Asset Lifecycle Management Services Reshaping ICT, Reshaping Business Contents 1.1 Introduction 3 1.2 Our approach 4 1.2.1 Fujitsu differentiators 5 1.3 Capability 6 1.3.1 Compliance 6 1.3.2 Tools

More information

TOURO UNIVERSITY WORLDWIDE AND TOURO COLLEGE LOS ANGELES IDENTITY THEFT PREVENTION POLICY 1.0 POLICY/PROCEDURE 2.0 PURPOSE 3.0 SCOPE 4.

TOURO UNIVERSITY WORLDWIDE AND TOURO COLLEGE LOS ANGELES IDENTITY THEFT PREVENTION POLICY 1.0 POLICY/PROCEDURE 2.0 PURPOSE 3.0 SCOPE 4. TOURO UNIVERSITY WORLDWIDE AND TOURO COLLEGE LOS ANGELES IDENTITY THEFT PREVENTION POLICY 1.0 POLICY/PROCEDURE Touro adopts this identity theft policy to help protect employees, students, contractors and

More information

Keep Your Data Secure: Fighting Back With Flash

Keep Your Data Secure: Fighting Back With Flash Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up

More information

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data

PCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on

More information

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment

More information