2. Agenda
● Why is security compliance necessary?
● What data needs to be secured?
● Our commitment to data security & privacy
● Security Tips
● Privacy Tips
● Incident Guidance
● Privacy
3. Purpose and Goal
● This training is a required element of our information security program
● The goal of this training is to set an information security baseline for all
employees, regardless of role, and to familiarize employees with data
security and information privacy best practices
● Refer to our Information Security Policy for details
4. Why data security?
● Customers are asking for this!
● Supports compliance with laws and regulations
● We are entrusted with confidential client information (and our own!)
● Win key client projects by following best practice data security standards
5. Data Classification
Data Classification tells us how to store and handle data.
● PUBLIC - Anyone can see or find this data
● CONFIDENTIAL - Business data not meant for public consumption;
○ Could cause the Company harm if shared
○ Ex: Customer contracts, financial data, pre-release product specs
● SENSITIVE - Consumer user personal data, client contract details;
○ Could cause our clients/users & our Company harm if shared
○ Ex: Study Participant personal data, HR data
6. Security Tips
● Use good judgement when using Company equipment for personal purposes
● Use caution when opening attachments or unexpected emails
● Nothing illegal or harassing; no spamming
● Never share one customer’s information with another customer
7. Password Tips
● Long passwords: consider a passphrase of several unrelated, random words. A
familiar title with character swaps, such as Jur@ssicP@rk!1, is a pattern that
cracking tools try early, so it is weaker than its length suggests
● Don’t share your password or write it down
● Consider using a password manager
● When available, enable multi-factor authentication
● Restart your laptop periodically and keep software updates current
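A worked illustration of why random words beat a substituted title. This is an added example, not material from the original training deck. The wordlist is constructed for the demonstration, and the attacker model in substitution_pattern_bits (dictionary size, number of substitutable characters, number of suffixes) is an assumption, not a measurement.

```python
import math
import secrets

# Constructed sample wordlist for the demonstration only. A real passphrase
# generator draws from a large published list (for example a 7776-word diceware list).
SAMPLE_WORDS = [
    "anchor", "basil", "canyon", "dolphin", "ember", "falcon", "glacier", "harbor",
    "island", "juniper", "kettle", "lantern", "meadow", "nectar", "orbit", "pebble",
]


def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick n_words uniformly at random from wordlist using the OS CSPRNG.

    Words may repeat: each position is an independent draw, which is what
    makes the entropy estimate in passphrase_bits exact.
    """
    if n_words < 1 or not wordlist:
        raise ValueError("need at least one word and a non-empty wordlist")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_bits(wordlist_size, n_words):
    """Entropy in bits of n_words independent uniform draws from wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def substitution_pattern_bits(dictionary_size, substitutable_chars, suffix_choices):
    """Upper bound on the entropy of a 'dictionary word + leetspeak + suffix' password.

    Assumed attacker model: one of dictionary_size base words or titles, each of
    substitutable_chars characters either swapped (a->@, s->$, ...) or left alone,
    and one of suffix_choices trailing tokens (!1, 123, ...). The parameters are
    assumptions chosen for the demonstration, not measured values.
    """
    return math.log2(dictionary_size * 2 ** substitutable_chars * suffix_choices)


def compare(wordlist_size=7776, n_words=5,
            dictionary_size=100_000, substitutable_chars=4, suffix_choices=100):
    """Return (passphrase_bits, pattern_bits) for a side-by-side comparison."""
    return (passphrase_bits(wordlist_size, n_words),
            substitution_pattern_bits(dictionary_size, substitutable_chars, suffix_choices))


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
    pp_bits, pattern_bits = compare()
    print(f"5 random words from a 7776-word list: {pp_bits:5.1f} bits")
    print(f"title + 4 leet swaps + suffix:        {pattern_bits:5.1f} bits")
```

Under these assumptions five random words give roughly 65 bits while the substituted title gives about 27, because the attacker never has to guess character by character: the base word, the swap pattern and the suffix are each drawn from small, well-known lists.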
8. Security Tips
● Enable your password lock when you are away from your machine
● Do not leave your laptop or device unattended when out of the office
● Be paranoid: download only from trusted sources
● Be wary when using public wifi outside of the office
● Never use personal email accounts (e.g. hotmail, gmail, etc.) when
exchanging Confidential or Sensitive information
9. Incident Defined
● Problem: An issue that can be easily remedied
Examples: broken mouse, missing power cord, trouble loading new
software
● Incident: Something is not working as expected, or deviates from normal
behaviour, in a way that could affect the confidentiality, integrity or
availability of data or systems. Incident Response procedures kick in
● Breach: Sensitive personal data OR highly confidential customer data is
compromised
10. Quiz - Problem, Incident, or Breach?
● What do you think? Are these problems, incidents, or breaches?
● Your laptop was just stolen!
● MS Excel keeps crashing
● You lost your power cord
● There is a strange software loading message on your computer
● A participant’s data was accidentally shared with another participant
(or client)
11. Incident ‘Data’
The Data Loss Incident Report Template can be found in our “All
employee shared drive”
Document the following:
● How did you notice the event?
● What systems or hardware are affected?
● Is the information Confidential or Sensitive?
● What did you do?
12. Privacy Basics
Privacy is a concept specific to individuals
● Personal space
● Right to be left alone
● Secrecy
● Control over personal data
A “data subject” is the individual the personal data is about
Personally identifiable information (PII) refers to any piece of
data/information about a person that, alone or in combination with
other data, can identify that person.