Classroom Instruction

Transcript

  • 1. New Data Regulation Law 201 CMR 17.00
  • 2.
    • TJX Video
  • 3.  
  • 4.  
  • 5.  
  • 6. Minimum Requirements
    • Secure Access control measures
    • Secure user authentication protocols
    • Monitoring for unauthorized access
    • Encrypt PI that is or would be transmitted wirelessly
  • 7. Minimum Requirements
    • Encryption of all PI on portable media
      • Laptop
      • Smartphones
      • PDAs
    • Up to date Firewall and Security Patch Protection
    • Up to date security agent software
      • Virus Protection
      • Malware
    • Employee Training
  • 8. W.I.S.P.
    • Create a policy that encompasses the entire organization – develop a Security Policy to Safeguard PI
    • Identify existing PI
    • Advise senior management if current technology places PI at risk
    • Define rules for protecting PI that covers both paper and electronic records
  • 9. W.I.S.P.
    • Ensure all Employees that have access to PI records are trained in safeguarding
    • Ongoing training through workplace posters and e-mails
    • Signed policies provide audit trail
    • IT policies are important too
    • Your login credentials are the “keys to the kingdom”
  • 10. Safeguards for PI
    • Store Hardcopies
      • Restrict Access
      • Monitor Access
      • Establish “Location” Policy
    • Scan Hardcopies
      • Store Electronically
      • Restrict Access
      • Monitor Access
      • Shred Hardcopies
  • 11. Safeguards for PI
    • Encrypt every laptop's entire hard disk drive, PDA memory, and smartphones that hold PI against loss or theft
      • PI data is unreadable even if disk drive is moved to another Laptop
      • Unlocking disk encryption requires proper username and password, or more
    • Or Encrypt PI files stored on Mobile Devices
  • 12. Safeguards for PI
    • PI data stored on Portable Media (ex. DVD or USB drives) must be encrypted
    • Recommendation: Use software that encrypts any data stored on Portable Media, or has Port Control to prevent users from copying to Portable Media
    • All Backup Tapes or External Hard Drives software must be encrypted.
  • 13. Safeguards for PI
    • If PI is sent across a wireless network, it MUST be encrypted
    • Patch Management must be up to date
    • Up to date Anti Virus
    • Company's firewall is to be up to date
    • Wireless encrypted with security access
  • 14. Safeguards for PI
    • E-mails containing PI must be encrypted if sent via the internet.
    • E-mail “Content Filtering” electronically searches the body of the e-mail and attachments for PI
    • E-mails with PI will be automatically encrypted before traveling over the internet.
  • 15. Safeguards for PI
    • For Third Party Vendors, you should obtain written certification of compliance with MA Privacy Regulations from business partners you share PI data with
      • IT Companies
      • Payroll Company
      • Benefit Companies
        • 401(k)
        • Life Insurance
        • Insurance
    • Caution: E-mail communications with these parties frequently involve PI data – ensure those e-mails are encrypted
  • 16. Safeguards for PI
    • Survey employees for other resting spots for PI data (ex: unlocked filing cabinets, portable media, briefcases at homes, etc.)
      • USB Flash Drives
      • DVD
      • CD
  • 17. Safeguards for PI
    • Terminating Employees
      • Disable User right away
      • Redirect E-mail to another user
      • Remove Remote Access
      • Don’t allow ex-employee near PI
  • 18. Recap
    • Thumb drive has info from the state
    • Massdatalaw.com
    • Free trial version of Safe House
    • [email_address]
