  • There are 8 policies that establish the correct procedures for handling personal information. Let’s look at the first two more closely.
  • Personally identifiable information (PII) is protected by a number of different laws and industry standards: FERPA, GLBA, HIPAA, Illinois PIPA, PCI DSS
  • Data Stewards play a key role in the security of Loyola’s personal information
  • Datastewards

    1. Welcome: Personally Identifiable Information (PII) Protection Training for Data Stewards
    2. Data Steward Training
       • Goal
       • The purpose of today’s training program is to introduce you to a collection of policies designed to protect Personally Identifiable Information (PII) and to your role and responsibilities as a Data Steward.
    3. Data Steward Training
       • Learning Objectives:
       • As a result of participating in today’s program you will:
       • Learn about Loyola’s Personally Identifiable Information (PII) Protection program
       • Gain a better understanding of your role and responsibilities as a Data Steward
       • Acquire a list of tools and resources that can support you in your role as a Data Steward
    4. Data Steward Training
       • Agenda
       • The Challenge of Protecting PII
       • Loyola’s Process for Protecting PII
       • Your Role in Protecting Loyola’s PII
       • Tools and Resources
    5. Data Steward Training
       • Guidelines
       • Program length: 60 minutes
       • Ask questions – participate
    6. Data Steward Training
       • Protecting Personally Identifiable Information
    7. Data Steward Training
       • Loyola recently approved policies covering these areas:
       • Data Classification
       • Loyola Protected & Sensitive Data Identification
       • Physical Security of Loyola Protected & Sensitive Data
       • Electronic Security of Loyola Protected & Sensitive Data
       • Disposal of Loyola Protected & Sensitive Data
       • Loyola Encryption
       • Compliance Review
       • Data Breach Response
    8. Data Steward Training
       • All data produced by employees of Loyola University Chicago during the course of University business will be classified as one of these three types of data:
           • Loyola Protected Data
           • Loyola Sensitive Data
           • Loyola Public Data
           • (Definitions on next slide)
    9. Data Steward Training
       • Definitions
           • Loyola Protected data (LPro data)
               • Protected by Federal, state, or local laws
               • Includes SSNs, credit card numbers, bank account info, driver’s license numbers, personal health info, FERPA info, etc.
           • Loyola Sensitive data (LSen data)
               • Not covered by laws, but information that Loyola would not distribute to the public
               • Determined by the department that created the data
           • Loyola Public data (LPub data)
               • Information that Loyola is comfortable distributing to the general public.
    10. Data Steward Training
       • Role & Responsibilities for Data Stewards
    11. Data Steward Training
       • The primary responsibility of a data steward is to help their department identify locations of Personally Identifiable Information (PII)
       • The data steward will also produce documentation used by ITS and your department indicating where PII is located in the department
    12. Data Steward Training
       • Responsibilities
       • Identify computers that store or access Loyola Protected or Loyola Sensitive data
           • Conduct systems scan every 6 months
           • Use software scanning tool that flags possible LPro information
           • Record information from the scanning software tool in a spreadsheet for ITS and your department
           • Fill out the department’s Data Security Compliance Review form and submit to ITS
    13. Data Steward Training
       • Responsibilities
       • Act as a resource for your department by providing information about the policies and their impact
       • Conduct presentations as needed to raise awareness
       • Sample presentation:
    14. Data Steward Training
       • Changes in how your department handles Loyola data
    15. Data Steward Training
       • Changes for paper documents
       • Limit access to department workspaces that store LPro or LSen data in paper form – your department should:
           • Create a list of individuals with access to restricted areas; provide Campus Security with a copy of the list
           • Require a badge or key to access those areas
           • Allow no public access to those areas
       • Acquire/use approved shredders to dispose of documents
           • Limit access to printers and faxes
       • Properly store LPro or LSen documents; avoid leaving LPro or LSen information on desks and other work areas when no one is present
    16. Data Steward Training
       • Changes for electronic documents
       • Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form
       • LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted
       • ITS will provide instructions for installing the encryption software for those users that need it
    17. Data Steward Training
       • Preferred storage for remote access
       • LPro or LSen data preferred storage for remote access
           • Network drives (VPN + Remote Desktop)
           • Laptop w/ encryption software
           • PDA/Blackberry/Smartphone w/ encryption software
           • Portable drive w/ encryption software
           • CD/DVD/disk as an encrypted file
    18. Data Steward Training
       • Disposal of LPro or LSen data
       • Paper – Shred either through shredding service or approved personal shredder (Purchasing has list of approved shredders)
       • Electronic – Contact ITS for proper disposal
       • If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal
    19. Data Steward Training
       • Encryption of data
       • Electronic data transfers must be secured
       • If you need to send sensitive data via email, please contact ITS for information on sending encrypted emails
       • LPro or LSen data on physical media (CD, portable drive, etc.) must be encrypted
       • ITS will assist in configuration and training for department-specific issues on an as-needed basis
    20. Data Steward Training
       • Report possible breaches / exposures
           • Call 86086 / 773-508-6086
           • Email [email_address]
           • Go to anonymous reporting page at
    21. University Deployment Plan
       • Split into 4 phases
           • ITS pilot
           • Sullivan Center pilot
           • High-risk areas (HR, Finance, etc.)
           • Rest of the university
       • Main communication effort will occur before the 4th phase – university-wide deployment
    22. Communication Strategy
       • Town hall meetings
       • Inside Loyola Weekly
       • Separate email blast to all staff
       • Communications specifically targeting faculty
    23. How Do I…?
       • Give a presentation to my department about this?
       • Perform the scanning portion?
       • Install the encryption software?
       • Fill out the paperwork?
       • Get other questions answered?
    24. How Do I…?
       • Give a presentation to the rest of my department?
       • Recommended so they will have a better understanding of how they can help protect PII and other sensitive data
       • Complete presentation available at
       • Please send any questions you cannot answer to ITS ( [email_address] or x86086)
    25. How Do I…?
       • Perform the scanning portion?
       • Send an email to everyone in your department asking them to go to Loyola Software -> Useful Tools -> Spider Scanner
           • This will install and run the scanning software
           • The process can take an hour or two, but the user can continue using their machine while it works
           • Program will automatically close when done
    26. How Do I…?
       • Install the encryption software?
           • Close all open programs
           • Go to Loyola Software -> Useful Tools -> SafeGuard Easy Install
           • Machine reboots several times
           • Log in, wait for machine to reboot twice more
           • Close encryption image and log in
           • Verify red icon on hard drive, log out or lock machine but LEAVE IT POWERED ON!
           • You can use your computer while it encrypts, but it will run more slowly until the process completes
    27. How Do I…?
       • Fill out the paperwork?
       • Two different forms to complete
           • While reviewing the spider log with the user, fill out the PII Tracking.xls spreadsheet
           • Once all computers have been scanned and their logs reviewed, fill out the Data Security Compliance Review form available at (the last page)
    28. How Do I…?
       • Get other questions answered?
       • Call / Email / Stop By
           • Joe Bazeley
           • [email_address]
           • [email_address]
           • 773-508-6086 / 86086
           • Granada Center room 235
    29. Data Steward Training
       • Tools and Resources
       • ITS Contact
           • Joe Bazeley
           • [email_address]
           • 773-508-6086 / 86086
       • Policies
       • Presentation – add links
       • Reporting breaches
           • Anonymous reporting page at
           • Email [email_address]
    30. Summary
       • As a Data Steward you play an important role in ensuring that your department is in and remains in compliance with Loyola’s policies for protecting PII and other sensitive information
    31. Summary
       • Responsibilities
       • Be a resource to your department by providing information about these policies and their impact
           • Sample presentation available at
       • Conduct scans of department media every 6 months
           • Check output of LPro/LSen data detection tool on each individual’s computer
           • Provide summary info on LPro/LSen data to ITS and your department
           • Fill out department’s compliance form for ITS
    32. Summary
       • Badge/key access restrictions
       • Printers and faxes in secure areas
       • Use approved shredders
       • Secure desk when not around
       • Encryption of computers
       • Cannot store LPro or LSen data on unencrypted computers
       • Store files on network drives for remote access
    33. Data Steward Training
       • Questions?
    34. Data Steward Training
       • Thank you for your participation
    35. Full Disk Encryption Install Demo
       • Short version of install process:
       • Close open documents
       • Launch program
       • Wait several minutes, log in
       • Wait several minutes, close picture then log in again
       • Log out or lock computer, but leave it powered on