Your SlideShare is downloading. ×
Classroom Instruction
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Classroom Instruction


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. New Data Regulation Law 201 CMR 17.00
  • 2.
    • TJX Video
  • 3.  
  • 4.  
  • 5.  
  • 6. Minimum Requirements
    • Secure Access control measures
    • Secure user authentication protocols
    • Monitoring for unauthorized access
    • Encrypt PI that is or would be transmitted wirelessly
  • 7. Minimum Requirements
    • Encryption of all PI on portable media
      • Laptop
      • Smartphones
      • PDA’s
    • Up to date Firewall and Security Patch Protection
    • Up to date security agent software
      • Virus Protection
      • Malware
    • Employee Training
  • 8. W.I.S.P.
    • Create a policy that encompasses the entire organization – develop a Security Policy to Safeguard PI
    • Identify existing PI
    • Advise senior management if current technology places PI at risk
    • Define rules for protecting PI that covers both paper and electronic records
  • 9. W.I.S.P.
    • Ensure all Employees that have access to PI records are trained in safeguarding
    • Ongoing training through workplaces posters and e-mails
    • Signed polices provide audit trail
    • IT policies are important too..
    • Your login credentials are the “keys to the kingdom”
  • 10. Safeguards for PI
    • Store Hardcopies
      • Restrict Access
      • Monitor Access
      • Establish “Location” Policy
    • Scan Hardcopies
      • Store Electronically
      • Restrict Access
      • Monitor Access
      • Shred Hardcopies
  • 11. Safeguards for PI
    • Encrypt all Laptops entire hard disk drive, PDA’s memory, and Smartphone's that hold PI against loss or theft
      • PI data is unreadable even if disk drive is moved to another Laptop
      • Unlocking disk encryption requires proper username and password, or more
    • Or Encrypt PI files stored on Mobile Devices
  • 12. Safeguards for PI
    • PI data stored on Portable Media (ex. DVD or USB drives) must be encrypted
    • Recommendation: Use software that encrypts any data stored on Portable Media, or has Port Control to prevent users from copying to Portable Media
    • All Backup Tapes or External Hard Drives software must be encrypted.
  • 13. Safeguards for PI
    • If PI is sent across a wireless network, it MUST be encrypted
    • Patch Management must be up to date
    • Up to date Anti Virus
    • Companies Firewall is to be up to date
    • Wireless encrypted with security access
  • 14. Safeguards for PI
    • E-mails containing PI must be encrypted if sent via the internet.
    • E-mail “Content Filtering” electronically searches the body of the e-mail and attachments for PI
    • E-mails with PI will be automatically encrypted before traveling over the internet.
  • 15. Safeguards for PI
    • For Third Party Vendors, you should obtain written certification of compliance with MA Privacy Regulations from business partners you share PI data with
      • IT Companies
      • Payroll Company
      • Benefit Companies
        • 401(k)
        • Life Insurance
        • Insurance
    • Caution: E-mail communications with these parties frequently involve PI data – ensure those e-mails are encrypted
  • 16. Safeguards for PI
    • Survey employees for other resting spots for PI data (ex: unlocked filing cabinets, portable media, briefcases at homes, etc.
      • USB Flash Drives
      • DVD
      • CD
  • 17. Safeguards for PI
    • Terminating Employee’s
      • Disable User right away
      • Redirect E-mail to another user
      • Remove Remote Access
      • Don’t allow ex employee near PI
  • 18. Recap
    • Thumb drive has info from the state
    • Free trail version of Safe House
    • [email_address]