UF Privacy Office

Slide 1

UF Privacy Office
Susan Blair, MSJ, MBA, CIPP - CIA
Chief Privacy Officer

Slide 2

Road to the UF Privacy Office
- 20-year Health Professional
- BA, Health Administration
- MBA, Finance & Mgmt
- 18-year Corporate Mgr.
- Administrator, Finance & Budgeting
- Internal Auditor
- Director, Occupational Health
- MSJ, Health & Privacy Law
- UF Privacy Manager
- Privacy Professional Certification

Slide 3

Role of UF Privacy Officer
- Required by federal health regulation, effective April 2003
- Analyze relevant privacy regulations; assess institutional privacy-related risks; provide oversight of regulatory compliance; track results
- Develop and implement methods, policies, and procedures
- Act as central contact and investigative authority for privacy complaints, alleged breaches, and notifications
- Recommend disciplinary actions, up to and including dismissal

Slide 4

Privacy & Confidentiality Defined…
Privacy
- Freedom from intrusion or observation
- Maintaining control over personal information
- Not a US Constitutional right
- Florida Constitution (Article One, Section 23): “Every natural person has the right to be let alone and free from governmental intrusion into the person's private life”; exception: not to limit the public's right of access to public records and meetings as provided by law.
Confidentiality
- Only allowing certain authorized persons to have information, with the understanding that they won't share the information except with other authorized persons

Slide 5

Scope of Privacy Regulations at UF
Federal Statutes
- Family Educational Rights and Privacy Act (FERPA)
- Privacy Act of 1974
- Patriot Act
- Gramm-Leach-Bliley Act
- Fair Credit Reporting Act
- Right to Financial Privacy Act
- Children’s Online Privacy Protection Act (COPPA)
- Electronic Communications Privacy Act
- Stored Wire and Electronic Communications Act
- Cable Communications Policy Act

Slide 6

Scope of Privacy Regulations at UF
Federal statutes cont’d
Health laws
- Health Insurance Portability & Accountability Act (HIPAA) for health care components: Faculty practice plans, HSC Colleges, CLAS, IFAS, Student Health Care Center, Institutional Review Boards, Benefit and Disability Plans, and UF Foundation
- Americans with Disabilities Act
- Federal Substance Abuse Record Confidentiality Rules
National Industry Standards
- Payment Card Industry Data Security Standards

Slide 7

Scope of Privacy Regulations at UF
Florida Statutes
- Chapter 90: Evidence
- Chapter 119: Public Records
- Chapter 390: Mental Health
- Chapter 395: Health Care Organizations
- Chapter 397: Substance Abuse
- Chapter 440: Workers’ Compensation
- Chapter 456: Medical Records
- Chapter 458: Board of Medicine
- Chapter 501: Consumer Protection
- Chapter 817: Privacy Breach Notification

Slide 8

Scope of Privacy Regulations at UF
International Privacy Laws
- US: Department of Commerce’s Safe Harbor Privacy Principles
- Europe: Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms; EU Data Protection Directive, Articles 1-33
- Canada: Personal Information Protection & Electronic Documents Act
- Additional Regulations: Argentina, Hungary, Iceland, Ireland, Japan, the Netherlands, and elsewhere

Slide 9

Top Three Danger Zones
- Family Educational Rights and Privacy Act (FERPA): Student Records
  Authorizes Secretary of Education to end all federal funding if a university fails to comply with the statute
- Health Insurance Portability & Accountability Act (HIPAA): Protected Health Information
  Civil penalties and DOJ criminal prosecutions, which may result in fines and up to ten years of prison time
- Payment Card Industry Data Security Standard (PCI DSS): Credit Card Information
  Noncompliant entities may be fined $500,00 per incident if cardholder data is compromised, and processing privileges may be revoked

Slide 10

Number One Privacy Crisis
- Privacy Breach, which may result in Identity Theft
- UF Breach Experience
  PHI: 10,670
  PII: 43,924
  Notifications: 10,672
- $182 Average Cost (est.) per Compromised Record
- ID Theft: One suspected report

Slide 11

Why Do Privacy Breaches Occur?
- Insufficient Training and Careless or Inattentive Data Systems Management
- Data Rich Information Systems
- Outdated Data Security Safeguards
- Inadequate Administrative Policies
- Technology Failures
- Sophisticated Intruders, with Potential Criminal Intent
- Negligent Hiring
- Demonstrated Opportunities for Repeat Access
- Business Partners Fail to Protect Information

Slide 12

Effect of Privacy Breach
- Public Relations: Loss of Institution’s Reputation
- Financial Expenses: Legal, managerial, investigative expenses
- Notification, including interactive media notification, and Consumer Support
- Restitution Payments
- Law Enforcement Investigation
- Lawsuits: Civil or Consumer Class Actions
- Sanctions: Civil and/or Criminal Prosecutions, Penalties, Industry Actions, Research May Be Curtailed
- Reduced Donations or Contributions
- Promote Increased or Enhanced Regulations and Regulatory Surveillance

Slide 13

So, what does this mean to me?
- FERPA 2007 Unauthorized Disclosures: 849 in 7 incidents; 2 incidents reported to government authorities
- How does UF conduct FERPA training?
- Colleges: Business, Dentistry, Engineering, IFAS, Latin America Center, Medicine; every college must pay its own breach costs
- At risk: UF research funding, financial aid programs, recovery and restitution costs

Slide 14

Individual College Mitigation Initiatives
- Complete training and awareness programs
- Complete online or classroom training
- Follow Privacy Statement practices; see http://privacy.ufl.edu/informationprivacy.html
- Rapid reporting of suspected breach
- Meet or exceed UF data standards; remove SSNs from databases, including legacy systems; encrypt portable devices, especially laptops
- Background check employees in ‘trust’ positions, at minimum

Slide 15

Pop Quiz …
Which of the following disclosures require the student’s written authorization?
- A letter of recommendation for graduate school
- Transcript and GPA for school where student intends to enroll
- Grades to the custodial parent paying tuition
- GPD asking whether the student was in class on a specific day
- To the student for personal reasons

Slide 16

Pop Quiz …
A student assigned to a counselor requests to review her educational record, including everything the counselor has written about her. She believes the counselor recorded personal information about her in his private notes, recorded during their meetings. Does the law allow the student access to all of her records?

Slide 17

Check Your Answers …
- 100% correct? Congratulations. (Are your faculty and staff as knowledgeable?) For FERPA training, see http://www.privacy.ufl.edu/studentfaculty.html
- Unsure? Complete the online FERPA training, and direct your faculty and staff to complete it as well.
- Remember … Compliance is more than mystery.

Slide 18

Questions ???
Contact Information
- Susan Blair, Privacy Officer
- Room N1-001, HSC
- (352) 273-5094
- Hotline: 866-876-4472
- Websites: http://privacy.ufl.edu
- Emails: sablair@vpha.ufl.edu