THE RESEARCHER S GUIDE TO DATA PRIVACY
|
|
- Camilla Barton
- 8 years ago
- Views:
Transcription
1 THE RESEARCHER S GUIDE TO DATA PRIVACY PAUL HANCOCK, ACCESS AND PRIVACY MANAGER, OFFICE OF THE UNIVERSITY COUNSEL KAITLYN GUTTERIDGE, LEAD PRIVACY, POLICY AND AGREEMENTS, POPULATION DATA BC
2 Overview Introduction to data privacy and security Researcher checklist (data lifecycle) Planning and project preparation Data collection and analysis Data storage Data destruction and retention Question period
3 Scope Legislation: Freedom of Information and Protection of Privacy Act (FIPPA) Personal Information Protection Act, E-Health Act Policies and Procedures: UBC (Privacy Fact Sheets, Information Security Standards) Affiliated institutions Population Data BC s education and training
4 Is Big Brother Watching You? Personal Information: Pizza Delivery
5 What is Privacy? Our Focus is on Data Privacy: Concerned with establishing rules that govern the collection, handling and disclosure of personal information. Relates to primary, secondary and linked data Personal Information: recorded information about an identifiable individual, not including contact information
6 Examples of Personal Information Name, identifying number, symbol or other particular assigned to an individual (e.g. Social Insurance Numbers, bank account numbers, Student IDs) Race, national/ethnic origin, religion, age, marital status Education, medical, employment or criminal history Personal mailing or address, fingerprints, blood type Personal opinions or views (political, preferences etc.) Private or confidential correspondence
7 Notable privacy headlines Research in the Public Eye
8 Notable privacy headlines Research in the Public Eye
9 Data Lifecycle: The Four Phases Planning and Grant Writing Data Retention and Destruction Data Collection Data Storage and Analysis
10 Planning and Grant Writing Phase Planning and Grant Writing Data Retention and Destruction Data Collection Data Storage and Analysis
11 Planning and Grant Writing Phase Plan in advance Write privacy into your budget Hire project team members with privacy experience Provide privacy and information security details in your grant proposal and REB application Review, refresh, understand Legislative requirements UBC s Access and Privacy and Information Security Requirements UBC s Information Security Reporting and Handling Privacy Breaches procedures
12 Planning and Grant Writing Phase Consider your potential privacy landscape Internal Privacy Impact Assessment Risk versus Control Inventory Canadian Standards Association Model Code for the Protection of Privacy Make it a team vision TCPS2 Course on Research Ethics Confidentiality pledge / project agreement Regular team meetings to discuss privacy and security
13 Data Collection Phase Planning and Grant Writing Data Retention and Destruction Data Collection Data Storage and Analysis
14 Data Collection Phase Consent forms Clearly identify all methods of: Collection, Use, Disclosure, Storage, Linkage Opt-in/out clauses Measurement tools Need to know vs nice to know Electronic measurement tools e.g. GPS, Accelerometer, biometric data
15 Data Storage and Analysis Phase Planning and Grant Writing Data Retention and Destruction Data Collection Data Storage and Analysis
16 Data Storage and Analysis Phase De-identify immediately Segregate personal information from other data Encrypt crosswalk file that correlates study ID to personal information Secure any paper copies with personal information Electronic data access Provide access based on roles Restrict user accounts and folder permissions Implement logging function to audit access to data
17 Data Storage and Analysis Phase Say NO to the Cloud! No consent = no storage outside Canada Use tools such as: Centralized Servers, UBC s Workspace, PopData s Secure Research Environment Implement requirements for physical and information security controls
18 Data Storage and Analysis Stage DATA SECURITY CONTROLS ENCRYPTION STORAGE ON SERVERS STORAGE ON MOBILE MEDIA & DEVICES TRANSMISSION TELECOMMUTING & REMOTE ACCESS Reduce data to minimum amount necessary Word, Excel & Zip files may be encrypted Devices may also be encrypted (Full Disk Encryption) using strong passwords/passphrases and key escrow Keep data in Canada Try to keep data on campus servers and access it remotely (using VPN, VPI or Workspace) Service providers that store data must have adequate security Storing on mobile media (e.g. USB keys, external hard drives) or mobile devices (laptops) is strongly discouraged. If such storage is necessary, you must encrypt the media/device. Explore alternatives to transmission (i.e. remote access) If you must transmit files by , encrypt them Remote access via VPN, VDI or Workspace is acceptable Beware of Certificate Errors
19 Data Retention and Destruction Phase Planning and Grant Writing Data Retention and Destruction Data Collection Data Storage and Analysis
20 Data Retention and Destruction Stage Monitor your timelines Consider requirements for archiving your data Make appropriate plans for final destruction Electronic information Paper copies Track and log disposal
21 Stay Tuned Integrating research data privacy and security into research process Issuing comprehensive Information Security Standards
22 QUESTIONS Find the complete checklist: universitycounsel.ubc.ca/data-privacyday
Privacy Policy on the Responsibilities of Third Party Service Providers
Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014,
More informationPrivacy and Security Protecting Personal Information Kim Hart and Bill Trott
Privacy and Security Protecting Personal Information Kim Hart and Bill Trott Privacy Video http://www.youtube.com/watch?feature=pla yer_embedded&v=rnjl9eecsoe What is today about? Understand key principles
More informationPrivacy Incident and Breach Management Policy
Privacy Incident and Breach Management Policy Privacy Office Document ID: 2480 Version: 2.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationStudent Visa - confidentiality and Reporting Requirements
Information Security: Best Practices Larry Carson Associate Director, Information Security Management, UBC larry.carson@ubc.ca 604-822-0773 Twitter: @L4rryC4rson Agenda News-worthy Incidents Legislation
More informationInformation Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
More informationSecurity Threat Risk Assessment: the final key piece of the PIA puzzle
Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value
More informationRELATIONSHIP TO PREVIOUS AGREEMENT(S) / PREVIOUS REQUESTS
HEALTH DATA REQUEST Submit this completed form to the email address: healthdatacentral@gov.bc.ca Questions about the request process or any part of this application may be directed to the email address
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationCloud Service Contracts: An Issue of Trust
Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationPolitique de sécurité de l information Information Security Policy
Politique de sécurité de l information Information Security Policy Adoptée par le Conseil d administration Le 10 novembre 2011 Adopted by the Board of Directors on November 10, 2011 Table of contents FOREWORD
More information1. Each employee is responsible for managing college records in a responsible and professional manner.
Policy O-6.2 Approved By: College Executive Team Approval Date: February 26, 2003 Amendment Date: November 25, 2009 Policy Holder: VP Administration & CFO Purpose / Rationale RECORD MANAGEMENT The purpose
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationONLINE PRIVACY POLICY
ONLINE PRIVACY POLICY The City of New Westminster is committed to protecting your privacy. Any personal information collected, used or disclosed by the City is in accordance with the Freedom of Information
More informationMINUTE TAKING TIPS. How to keep your minutes FIPPA friendly
MINUTE TAKING TIPS How to keep your minutes FIPPA friendly DID YOU KNOW MINUTES ARE CONSIDERED RECORDS UNDER FIPPA? As of June 10 th, 2006 Carleton University came under the Freedom of Information and
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationAPPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES
APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,
More informationMICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT. Western Student E-Communications Outsourcing
MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT Western Student E-Communications Outsourcing Paul Eluchok - University Privacy Officer David Ghantous - Associate Director of Technical Services Dated: August
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationApplicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):
Title: Category: Administration Information Management Policy No.: B5010 Replaces: B5010 Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s): Approval: (President
More informationHIPAA Compliance Evaluation Report
Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More information16 Electronic health information management systems
16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationHIPAA Audit Risk Assessment - Risk Factors
I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your
More informationCritical Data Guide. A guide to handling critical information at Indiana University
Critical Data Guide A guide to handling critical information at Indiana University What is critical information? IU defines critical information as sensitive data requiring the highest level of protection.
More informationStrategy for Email Management in Canadian Jurisdictions
Strategy for Email Management in Canadian Jurisdictions Email is a fundamental part of doing business today, and the management of email has become a critical issue across all jurisdictions. All governments
More informationMinistry of Children and Family Development (MCFD) Contractor s Information Management Guidelines
(This document supersedes the document previously entitled MCFD Contractor Records Guidelines) Ministry of Children and Family Development (MCFD) Contractor s Information Management Guidelines November
More informationPractice Resource. Cloud computing checklist. Introduction
Practice Resource Cloud computing checklist Cloud computing offers many benefits to lawyers including the ability to access an exploding array of new software services and applications, the offloading
More informationWhat is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationPolicy & Procedure. This policy applies to all records in the custody and control of SMGH.
Policy & Procedure Subject: Management of Records 1) Purpose: The purpose of this policy is to establish a corporate record management plan, including the development of a directory of records and a personal
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationPRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7
PRIVACY POLICY Effective: January 1, 2014 Revised: March 19, 2015 Privacy Policy Page 1 of 7 WAJAX CORPORATION PRIVACY POLICY GENERAL POLICY Privacy Overview Wajax Corporation (Wajax) and its business
More informationLegal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev
Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,
More informationHow To Protect Your Privacy On A Safari
Privacy Statement Emerson Electric Co. ( Emerson or we or us or our ) provides the following products and services, and this Privacy Statement applies to your use of these services (collectively, the Services
More informationPage 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved.
Page 1 Page 2 Page 3 Agenda Defining the Massachusetts Personal Data Security Law Becoming Compliant Page 4 Massachusetts Privacy Law Defining the Massachusetts Personal Data Security Law - 201 CMR 17.00
More informationCOLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationCOLLEGE POLICY MANUAL
Policy No. & Title: C202: ACCEPTABLE USE OF COLLEGE TECHNOLOGY Effective: 2015-07-14 Next Review: 2020-07-14 Policy Sponsor: Chief Information Officer Ref Cttee: Senior Leadership Council Approvals: 2000-05-03/SA-99-09;
More informationINFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies
INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW
More informationPrivacy Impact Assessment for the. Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS)
Privacy Impact Assessment for the Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS) United States Marshals Service Contact Point William E. Bordley Associate
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationBig Data, Big Risk? Data Management and Privacy. Presented by: Timothy Banks, Heather Innes, and Colonel Vihar Joshi
Big Data, Big Risk? Data Management and Privacy Presented by: Timothy Banks, Heather Innes, and Colonel Vihar Joshi Data Management & Privacy Compliance Heather Innes Chief Privacy Officer, General Motors
More informationFHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)
FHFA Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME) This template is used when the Chief Privacy Officer determines that the system contains Personally Identifiable Information and a more
More informationBOARD POLICY POLICY TITLE. Records and Information Management 1.0 PURPOSE
BOARD POLICY Policy Section FOI/RECORDS MANAGEMENT Administrative Procedure Number AP-FOI -305 Policy Number 305 Page 1 of 6 POLICY TITLE Records and Information Management 1.0 PURPOSE The Peterborough
More informationPRIVACY BREACH! WHAT NEXT?
PRIVACY BREACH! WHAT NEXT? A four step plan to help you in the event of a privacy breach or possible breach situation A privacy breach is an incident involving the unauthorized disclosure of personal information
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationBrian Beamish. Commissioner (Acting) Ontario Information and Privacy Commission. Cyber Risk National Conference February 9, 2015
Preventing Privacy Breaches and Building Confidence in Electronic Health Records Brian Beamish Commissioner (Acting) Ontario Information and Privacy Commission Cyber Risk National Conference February 9,
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationCopyright 2014 Nymity Inc. All Rights Reserved.
This sample Benchmarks Report represents a real-world example of Your Privacy Management Status Report based on a mature privacy program in a non-north American organization within the public sector. Copyright
More informationby: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy
Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy June 10, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationIntroduction to HIPAA Compliance Checklist:
Introduction to HIPAA Compliance Checklist: HIPAA Compliance Checklist The following is a comprehensive HIPAA Compliance Checklist created to provide guidance to treatment providers utilizing voice and
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationUNIVERSITY OF MANITOBA POLICY CLOSED CIRCUIT TV (CCTV) MONITORING. Part I Reason for Policy
UNIVERSITY OF MANITOBA POLICY Policy: Effective Date: October 1, 2012 Revised Date: November 20, 2012 Review Date: October 1, 2022 Approving Body: Authority: Responsible Executive Officer: Delegate: Contact:
More informationVIDEO SURVEILLANCE GUIDELINES
VIDEO SURVEILLANCE GUIDELINES Introduction Surveillance of public spaces has increased rapidly over recent years. This growth is largely attributed to the significant advances in surveillance technology
More informationHIPAA and Clinical Research
To Heal. To Teach. To Discover. HIPAA and Clinical Research 2011 Training Jennifer Edlind, UH Privacy Officer Ryan Terry, UH Information Security Officer 1 Agenda Research credentialing overview HIPAA
More informationPrivacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual
Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer
More informationPRIVACY POLICY. The effective date of this Privacy Policy is December 15, 2010. Last Updated September 29, 2014. Overview
PRIVACY POLICY The effective date of this Privacy Policy is December 15, 2010 Last Updated September 29, 2014 Overview The Bay Area Toll Authority (BATA) is committed to ensuring customer privacy and security.
More informationInformation Security Education and Awareness Training
Information Technology Information Security Education and Awareness Training Standard Identifier: IT-STND-002 Revision Date: 8/1/2015 Effective Date: 3/1/2015 Approved by: BOR CIO Approved on date: 10/17/2014
More informationData Security Plan Development Guide for Researchers
Data Security Plan Development Guide for Researchers November 2014 Prepared for: Association for Public Policy Analysis and Management Fall Research Conference Submitted by: Sean Owen, CISSP, CAP and Teresa
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationSecurity Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Brochure More information from http://www.researchandmarkets.com/reports/3302152/ Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT /
More informationOIT OPERATIONAL PROCEDURE
OIT OPERATIONAL PROCEDURE Title: DATA CLASSIFICATION GUIDELINES Identification: OIT 1 Page: 1 of 5 Effective Date: 3/31/2014 Signature/Approval: Guidelines and Handling Procedure (9 10 ) specifies that
More informationI. Introduction to Privacy: Common Principles and Approaches
I. Introduction to Privacy: Common Principles and Approaches A. A Modern History of Privacy a. Descriptions and definitions b. Historical and social origins c. Information types i. Personal and non-personal
More informationPRIVACY MANAGEMENT ACTIVITIES
PRIVACY MANAGEMENT ACTIVITIES Designed for the privacy office to take privacy management to the next level, Nymity Templates offers a wide range of downloadable resources. Publication Date: June 2014 1.
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationData Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationMoving Information: Privacy & Security Guidelines
Information and Privacy Commissioner/ Ontario Moving Information: Privacy & Security Guidelines Ann Cavoukian, Ph.D. Commissioner July 1997 Information and Privacy Commissioner/Ontario 2 Bloor Street East
More informationPrivacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems
Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure
More informationARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS
ARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS LIBBY BISHOP. RESEARCHER LIAISON UNIVERSITY OF ESSEX TCRU/NOVELLA SPECIAL SEMINAR - LONDON 29 MAY 2012 THE & ESDS QUALIDATA forty years experience
More informationData Managers Interest Group. Research. April 17, 2012
Data Managers Interest Group Institute of Clinical and Translational Research April 17, 2012 Privacy & Security Contacts hipaa@jhmi.edu network.security@jhmi.edu IT Help Desk 410.735.4357 3 Or you can
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationPOLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same
POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationSelected Annotated Bibliography Personal Health Information, Privacy and Access
A. National Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 canlii.org/en/ca/laws/stat/sc-2000-c-5/latest/sc-2000-c-5.html Privacy Act, R.S.C. 1985, c. P-21 canlii.org/en/ca/laws/stat/rsc-1985-c-p-21/latest/rsc-1985-c-p-21.html
More informationStoring and securing your data
Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from
More informationSponsored Programs Guidance Cradle to Grave
Sponsored Programs Guidance Cradle to Grave Data Management Data Management for Sponsored Programs (Adapted from Guidelines for Responsible Data Management in Scientific Research, Clinical Tools, Inc.)
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationIT Roles in Loss Prevention. Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP
IT Roles in Loss Prevention Presented by: Ann Ostrander, Director of Loss Prevention Kirkland & Ellis LLP What is Loss Prevention (Risk Management)? Mitigate risk Protect the Firm s assets Departments
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationLONDON PUBLIC LIBRARY POLICY
PURPOSE The purpose of this policy is to: Ensure accessibility to accurate, authentic and reliable London Public Library Records in all formats, including electronic, to meet legislated requirements, support
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationIt s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing?
It s a New Regulatory Landscape: Do You Know Where Your Business Associates are and What They are Doing? The AMC Privacy & Security Conference Series Securely Connecting Communities for Improved Health
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationCloud computing and the legal framework
Cloud computing and the legal framework - Guidance on legislative requirement and the contractual environment related to cloud computing Content 1. Introduction 3 2. The Danish Act on Processing of Personal
More informationUCS Level 2 Report Issued to
UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification
More informationTRUE TITLE BEST PRACTICES
TRUE TITLE BEST PRACTICES Mission Statement The American Land Title Association (ALTA) seeks to guide its membership on best practices to protect consumers, promote quality service, provide for ongoing
More informationRECORDS AND INFORMATION MANAGEMENT AND RETENTION
RECORDS AND INFORMATION MANAGEMENT AND RETENTION Policy The Health Science Center recognizes the need for orderly management and retrieval of all official records and a documented records retention and
More informationMaximum Global Business Online Privacy Statement
Maximum Global Business Online Privacy Statement Last Updated: June 24, 2008. Maximum Global Business is committed to protecting your privacy. Please read the Maximum Global Business Online Privacy Statement
More informationUW Platteville Credit Card Handling Policy
UW Platteville Credit Card Handling Policy Issued: December 2011 Revision History: November 7, 2013; July 11, 2014; November 1, 2014; August 24, 2015 Overview: In order for UW Platteville to accept credit
More informationOverview. What are operational policies? Development, adoption, implementation
Practical Geospatial Policies: Resolving Operational Issues to Optimize Your SDI Ed Kennedy Hickling Arthurs Low Corporation and Cynthia Mitchell and Simon Riopel Division, Natural Resources Canada Overview
More informationAccountable Privacy Management in BC s Public Sector
Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY
More information