Privacy Awareness Training - George Washington University
PowerPoint presentation. Author: RejekiLancar. Created Date: 5/22/2019 1:57:55 PM
Privacy Awareness Training
The Office of Ethics, Compliance and Privacy
Dorinda Tucker, Associate Vice President
What is Privacy?
Institutional Privacy | Individual Privacy
You as the individual (data subject) should decide how your data should be used.
Context is critical to privacy.
(As an individual)
Freedom from interference or intrusion.
(As an individual)
The use and governance of personal data
Interdependent Business Functions
• Privacy: The what?
• Security: The how?
• Compliance: How do you know?
Privacy and Data Protection
Why is it important?
• Establishes trust in our individual interactions
• Builds our reputation as an organization which values and safeguards information
• Prevents Harm:
• Information Sharing
• Intrusions/Breaches
• Legal and Contractual Compliance
Who is Responsible for Data Protection?
The GW Community
Vendors
Partners
Evolving Privacy Regulatory Landscape
What do you need to know?
GDPR
Privacy protection of EU citizens:
• Displaying lawful basis for processing (consent)
• Right to be forgotten
• Records of processing activities, accountability.
HIPAA
Privacy protection of the health information of U.S. citizens/residents:
• Set rules for use and release of health information and records.
FERPA
Privacy protection of students in the U.S.:
Education records:
• Files
• Emails
• Documents
• Any information related to student.
GLBA
PCI-DSS
What about Your GW Policies?
Privacy and Information Security Policies
• Personal Information and Privacy Policy
• Information Security
• Records Management Policy (University Records Schedule)
• Social Media Policy
• Privacy of Student Records
• GW Email
• Acceptable Use Policy for Computing Systems and Services
• Acquisition of Computer Hardware and Software
• Social Security Number and GWID Usage
Personal Information and Privacy Policy
Personal Information: Any information that relates to an identified individual.
Purpose of policy: To promote compliance with national and international privacy laws and regulations.
Who is governed by this policy? Students, staff, faculty, contractors and entities (vendors, partners) who generate, collect, use, store and process personal information for GW.
Why should you know this policy? Provides you with guidelines for how we collect, use and dispose of personal information.
Privacy by Design
Accountability through the life cycle
How does your office handle data?
• Lawful Basis/Consent
• Transparency
• Data Minimization
• Structured vs unstructured
• Records retention policy
Life cycle: Create, Store, Use, Share, Archive, Destroy
Data Classification is Key
Know Your Data
Regulated: Information protected by local, national or international regulation
• Personal Data from European Union
• Student Education Records
• Payment Card Information (PCI)
• Research Data that is protected by statute
• Personally identifiable data, i.e. Social Security Numbers
• Student Loan Application Information
• Protected Health Information (PHI)
• Export controlled Research
• Law Enforcement Information
• Financial Aid student bills
• Past, present, or future physical or mental health conditions.
Restricted: Information limited to appropriate university faculty, staff, students
• Departmental admin
• Course Information/Class Schedules
• Unpublished research
• General Ledger data
• Internal directory information
• Facilities/Physical Plant records
• Proprietary IP
• Wire transfers/Payment history
• Performance appraisals
• Salary/Benefits
• Payroll/Tax Data
• HR Data
Q&A Scenarios
Top Tips
Consider your business need, process and practice
Privacy Principle
• Structured vs unstructured data
• Data Minimization
• Transmission
• Data Storage
• Device Usage
• Data Disposal
Applying Privacy
• Spreadsheets on hard drive/PDF of emails
• Is this data necessary to be collected, transmitted, stored, kept?
• BOX, Google Drive, Hard Drive
• Passwords, GW Managed Equipment
• Encryption or Not with GW Network
• Are my working practices secure?
Thank You
Feel free to contact us:
Resources
• Privacy Website
• Information Security Website
• Compliance Website
• Guide to GW’s Information Management and Protection Policies
• Three Steps to Data Security
• How to Use Data Encryption
• Email Security Guide
• International Travel
• Guide to Data Storage and Custodial Practices
Email us: [email protected]