New Data Regulation Law 201 CMR 17.00
Classroom Instruction

  1. 1. New Data Regulation Law 201 CMR 17.00
  2. 2.
       • TJX Video
  3. 6. Minimum Requirements
       • Secure Access control measures
       • Secure user authentication protocols
       • Monitoring for unauthorized access
       • Encrypt PI that is or would be transmitted wirelessly
  4. 7. Minimum Requirements
       • Encryption of all PI on portable media
           • Laptop
           • Smartphones
           • PDAs
       • Up to date Firewall and Security Patch Protection
       • Up to date security agent software
           • Virus Protection
           • Malware
       • Employee Training
  5. 8. W.I.S.P.
       • Create a policy that encompasses the entire organization – develop a Security Policy to Safeguard PI
       • Identify existing PI
       • Advise senior management if current technology places PI at risk
       • Define rules for protecting PI that covers both paper and electronic records
  6. 9. W.I.S.P.
       • Ensure all Employees that have access to PI records are trained in safeguarding
       • Ongoing training through workplace posters and e-mails
       • Signed policies provide audit trail
       • IT policies are important too
       • Your login credentials are the “keys to the kingdom”
  7. 10. Safeguards for PI
       • Store Hardcopies
           • Restrict Access
           • Monitor Access
           • Establish “Location” Policy
       • Scan Hardcopies
           • Store Electronically
           • Restrict Access
           • Monitor Access
           • Shred Hardcopies
  8. 11. Safeguards for PI
       • Encrypt the entire hard disk drive of all laptops, PDA memory, and smartphones that hold PI, against loss or theft
           • PI data is unreadable even if disk drive is moved to another Laptop
           • Unlocking disk encryption requires proper username and password, or more
       • Or Encrypt PI files stored on Mobile Devices
  9. 12. Safeguards for PI
       • PI data stored on Portable Media (ex. DVD or USB drives) must be encrypted
       • Recommendation: Use software that encrypts any data stored on Portable Media, or has Port Control to prevent users from copying to Portable Media
       • All Backup Tapes or External Hard Drives software must be encrypted.
  10. 13. Safeguards for PI
       • If PI is sent across a wireless network, it MUST be encrypted
       • Patch Management must be up to date
       • Up to date Anti Virus
       • Company's Firewall is to be up to date
       • Wireless encrypted with security access
  11. 14. Safeguards for PI
       • E-mails containing PI must be encrypted if sent via the internet.
       • E-mail “Content Filtering” electronically searches the body of the e-mail and attachments for PI
       • E-mails with PI will be automatically encrypted before traveling over the internet.
  12. 15. Safeguards for PI
       • For Third Party Vendors, you should obtain written certification of compliance with MA Privacy Regulations from business partners you share PI data with
           • IT Companies
           • Payroll Company
           • Benefit Companies
               • 401(k)
               • Life Insurance
               • Insurance
       • Caution: E-mail communications with these parties frequently involve PI data – ensure those e-mails are encrypted
  13. 16. Safeguards for PI
       • Survey employees for other resting spots for PI data (ex: unlocked filing cabinets, portable media, briefcases at home, etc.)
           • USB Flash Drives
           • DVD
           • CD
  14. 17. Safeguards for PI
       • Terminating Employees
           • Disable User right away
           • Redirect E-mail to another user
           • Remove Remote Access
           • Don’t allow ex-employee near PI
  15. 18. Recap
       • Thumb drive has info from the state
       • Massdatalaw.com
       • Free trial version of Safe House
       • [email_address]
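
The e-mail content-filtering step on slide 14, as an added example that is not part of the original slides: it scans an outbound message body and its text attachments for PI and decides whether the message must be encrypted before it leaves. The function names, the choice of SSNs and payment card numbers as PI indicators, and the sample messages are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumption: SSNs and payment card numbers stand in for "PI";
# the slides do not list the patterns a content filter searches for.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs (order refs, IDs) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pi(text: str) -> list[str]:
    """Return the kinds of PI found in text; matched values are never returned or logged."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append("card")
            break
    return hits

def outbound_action(msg: EmailMessage) -> str:
    """Scan body and text attachments; 'encrypt' if any part holds PI, else 'send'."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary attachments need format-specific text extraction first
        if find_pi(part.get_content()):
            return "encrypt"
    return "send"

def sample_message(body: str, attachment: str = "") -> EmailMessage:
    """Build a constructed message for testing (no real data)."""
    msg = EmailMessage()
    msg["To"] = "payroll@example.com"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="notes.txt")
    return msg
```

A filter like this only sees text it can read, so scanned images and password-protected archives pass through unexamined unless they are blocked or extracted separately.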