“How Private Is It?”. Resources Learning Opportunities Reporting Policies and Procedures.
-
Upload
berniece-bell -
Category
Documents
-
view
218 -
download
0
Transcript of “How Private Is It?”. Resources Learning Opportunities Reporting Policies and Procedures.
A client approaches a counter and asks for services. The clerk asks the client for basic information:
The process has begun
The Investigation Begins
The Department of Human ServicesFinancial Assistance Division
The Financial Assistance Division administers many different financial assistance programs, most of which are financed by the federal and state government. The programs are targeted for families and individuals with incomes at or below the poverty level. Programs include: temporary, emergency or general assistance to needy families or indigents; grants for the disabled; food stamps; and Medicaid or refugee re-settlement.
The Process of Discovery
Conducted investigation interviewsRetrieved suspects computer hard drives
(DSS Commissioner Permission Required)
Requested SPIDeR Audit Trails (DSS – DIS, Information Security Unit – John Palese, Senior System Engineer)
Reviewed audit trails
The Violation
Worker uses SPIDeR to obtain information on citizens
Worker instructed by supervisor to obtain information on citizens by supervisor
Supervisor takes information and calls APECS (child support) pretending to be a citizen
Violation & Crime
Violation & Crime
Discovery of other employee violations
The Outcome
Reported violation to policeSupervisor terminatedEmployee resigns before terminationContract worker terminatedTwo employees suspendedTwo employees received written counselA letter sent to the Commissioner of DSS
Privacy Policy
The Virginia Department of Social Services computer system, and component parts, contain privileged customer and government information. Access to information is restricted to the Department of Social Services authorized users.
Unauthorized access, use, misuse, or modification of the data or the system, or unauthorized printing or release of data, is a violation of Department policy. It is also a violation of Title 18, United States Code Section 1030. Violators may be subject to criminal and civil penalties, including but not limited to a fine of up to $5000 and/or 5 years in prison, as set forth in Title 26, United States Code Sections 7213 and 7431.
Other Laws
The Privacy Act of 1974Virginia Code 2.2-3800–3803Computer Invasion of Privacy Under the
Virginia Computer Crimes ActInformation Technology Security StandardVirginia Department of Social Services –
Information Security Policy
Agencies Agreements
The Social Security Administration and the Commonwealth of Virginia
The Department of Motor Vehicles and the Virginia Department of Social Services
The Virginia Employment Commission and the Virginia Department of Social Services
Lack of public trust Open to civil suits Loss of database accesses Loss of the ability to provide services to our
citizens Identity theft
Implement a stronger security training program
Implement random sampling of users No tolerance policy – strong disciplinary
action for violators Educate the users Require all staff to attend Ethics Training Compliance with agreements Audits