Legal Issues for Employees 201 - PowerPoint PPT Presentation

Slides: 31
Provided by: JKirk

Transcript and Presenter's Notes


1
Legal Issues for Employees 201
  • How to Protect Yourself and WL from Improper Use
    / Disclosure of Confidential Information

2
Why Do I Need to Be Here?
  • Do you have a social security number? Bank
    account? Credit card? Medical records?
  • OR
  • Do you work with or around student records?
    Employee records? Credit cards? Donor financial
    information? Alumni information? University
    financial information? Other sensitive or
    proprietary information about University
    operations? Ever hear about any of this?

3
What's this all about?
  • Three separate issues:
  • What is PRIVATE (personally identifiable
    information protected by law, policy, or common
    civility)
  • How to keep PRIVATE information CONFIDENTIAL
    (seen/heard by only those with a legitimate need
    to know) and
  • How to keep such information SECURE (so that it
    cannot be improperly altered, removed, or
    destroyed).

4
What's the problem?
  • Identity Theft - - don't think it can't happen to
    you.
  • Dumpster divers, shoulder surfers, computer
    hackers, keystroke loggers, etc.
  • It's not just people out there who are the
    problem - - we need to be pro-active to safeguard
    information.

5
Give me some examples . . .
  • Let's talk about your own personal recordkeeping
    and information security practices first
  • Do you have your social security number as your
    driver's license number? Consider changing to a
    random number.
  • Don't give out your social security number to
    anyone unless it's mandatory and you have
    assurance as to safeguards.

6
Personal practices (cont'd)
  • Don't give out a credit card number over the
    phone unless you've dialed the company and know
    you can trust them.
  • Don't give out a credit card over the internet
    unless you see a symbol of encrypted online
    information delivery (lock).
  • Don't use just one user name and password for all
    online accounts.

7
Personal practices (cont'd)
  • Don't just throw credit card bills or other
    bills/documents with account numbers or social
    security numbers in the trash - - get a shredder.
  • Periodically, get a copy of your credit report
    (e.g., Equifax) to be sure there are no debts
    that you didn't incur.

8
What to do in case of identity theft?
  • Call 1-877-ID-THEFT to report to the Federal
    Trade Commission
  • Then call local police and FBI
  • Also report to Social Security Administration for
    SS theft
  • Contact credit card companies and other creditors

9
But enough about you . . .

10
Private information under law
  • Student education records (FERPA)
  • Financial account/loan records (Gramm-Leach-
    Bliley): student loans, employee home loans
  • Personally identifiable employee information kept
    by covered health plans (HIPAA): health, dental,
    flex, EAP

11
Private information under law
  • Records related to employee disability (Americans
    with Disabilities Act) kept separate from rest
    of personnel file
  • Medical records related to family and medical
    leave (FMLA)
  • Background Check results (disposal) (FACTA)
  • Student medical treatment / counseling records
    (private under Virginia law)
  • Human Subjects Research (surveys, etc.)

12
Private information under policy
  • Social security numbers and credit card numbers
    are included in WL's Information Security
    Program.

13
Other private WL information
  • Personally identifiable information re donors,
    alumni and alumnae.
  • Proprietary WL information (internal operations,
    financial/investments, research and institutional
    data not intended for public disclosure)

14
Responsibilities of WL employees
  • All university faculty and staff are expected to
    comply with university policies and procedures on
    privacy, confidentiality and security.
  • New employees (faculty and staff) sign
    confidentiality and technology use agreements.

15
How to protect the confidentiality of private
information
  • Follow University and department policies,
    procedures, and protocols.
  • If you have no legitimate work-related necessity
    or educational reason to hear/see/disclose the
    information, don't.
  • Be sure that only those with a legitimate,
    work-related need to know have authority and
    access to private information.

16
How to protect the confidentiality of private
information
  • When in doubt, ask / confirm first before
    disclosing private information.
  • If you are aware of documents with private
    information being simply thrown away, not
    shredded or otherwise securely disposed of,
    advise department head or Scott Dittman, chair of
    ISP committee.

17
How to protect the confidentiality of private
information
  • Don't leave private information in plain view
    when leaving your work area.
  • Lock file cabinets containing private
    information.
  • Keep your office locked when you, or other
    authorized employees, are not present.
  • Avoid multiple copies of private information
    unless needed.

18
How to protect the confidentiality of private
information
  • Don't discuss private or sensitive information
    with open doors or in hallways, etc.
  • Treat private information as if it were about
    you.
  • Taking files home - - handle with care.

19
Protecting electronic information
  • Password security
  • 8 characters, alphanumeric
  • Change it often
  • Don't share it with anyone
  • Don't write it down and tape it close by
  • Give proxy to e-mail or calendar, not password to
    the account

20
Protecting electronic information
  • Lock your workstation each time you leave it
    unattended (Ctrl/Alt/Delete)
  • Shut down your computer each evening (allows
    patches and updates to apply AND keeps others off
    the computer)
  • Keep anti-virus/firewalls, etc. up to date on
    home computers if you work at home
  • Have multiple user names/pws

21
Protecting electronic information
  • Safe e-mail practices
  • Don't open attachments if you aren't expecting
    them
  • Don't click on links in emails
  • Safe internet browsing
  • Don't click on it if you didn't ask for it
  • Don't allow random downloads
  • Safe instant messaging (AOL viruses)
  • Only communicate with known buddies

22
Protecting electronic information
  • Consider placement of screen / visibility to
    office visitors
  • Use screen blockers
  • Be careful with flash drives, memory keys,
    diskettes, CDs, etc.

23
What about when traveling?
  • Assume NOTHING is secure!!!
  • Wired is more secure than wireless
  • Always look for the encrypted (lock or
    equivalent) symbol to be sure communication is
    secure
  • Wireless off campus - - don't log in to other
    sites unless encrypted

24
What about while traveling?
  • Never use hotel lobby computers for anything
    sensitive or private - - only MapQuest-type
    inquiries, etc.
  • Why? Keystroke loggers . . . Scary
  • If you lose a memory key, laptop, etc. report it
    to University Computing immediately

25
Specific private information
  • Student educational records (FERPA)
  • Know policy / guidance
  • http://registrar.wlu.edu/policies/ferpa.htm
  • Consent, unless school official with legitimate
    educational interest, subpoena, emergency, few
    other exceptions
  • Directory information unless opt out
  • Resources: Registrar, counsel.wlu.edu

26
Specific private information
  • HIPAA
  • Records kept by WL health plans on employee
    medicals, claims, etc.
  • Group health, Flex, Dental, EAP
  • Deborah Stoner and Steven McClure are authorized
    officials (HR)
  • http://humanresources.wlu.edu/other/Benefit%20Plan%20Privacy%20Practices.htm

27
Specific private information
  • Background check information (FACTA)
  • Disposal of such information
  • ADA/FMLA
  • Faculty and staff medical information related to
    disability accommodations or family/medical leave
    - - should be kept separate from personnel file
    (HR Office)

28
Specific private information
  • Personally identifiable financial information
    (finances, social security number, credit card)
    (GLB WL policy)
  • Treasurer's Office
  • HR
  • Financial Aid
  • Business Office
  • Bookstore, Alumni Office, Special Programs,
    Development, etc.

29
Information Security Program
  • Campus internal inventory of department
    information security practices to identify and
    address any potential security concerns.
  • Will begin with Financial Aid, Treasurer's
    Office, Business Office, HR, and other offices
    maintaining social security numbers or credit
    card numbers.

30
What to do in case of improper disclosure or
other security breach
  • Notify your department head, Scott Dittman
    (Registrar/Chair of ISP Committee), and/or Ruth
    Floyd (University Computing) as appropriate