Data security 1

Page 1: Data security 1

Stonehill College

Information Security and Identity Theft

Page 2: Data security 1

Information Security

• Data Security

• Identity Theft

Page 3: Data security 1

Massachusetts Data Security Law

• M.G.L. 93H

• 201 CMR 17

• Personal Information

– First name or first initial and last name AND

1. Government-issued I.D. OR

2. Financial Account Number OR

3. Social Security Number

Page 4: Data security 1

Massachusetts Requirements

• Written Policy

– F9.2 Information Security Policy

• Safeguards

– Administrative

– Physical

– Technical

• Oversight

– Chief Information Officer

Page 5: Data security 1

Massachusetts Requirements

• Identify records with personal information

• Routinely evaluate our safeguards

• Regular employee training

• Contractual assurances

• Share information on a need to know basis

• Document a breach

– Notify Office of the General Counsel

Page 6: Data security 1

Identity Theft

• Federal Trade Commission

– Fair and Accurate Credit Transaction Act

– Red Flag Rules

– 16 C.F.R. 681

• College is a “creditor” with “covered accounts”

– Perkins Loan Program

– Deferred tuition payments

– Invoices to students

Page 7: Data security 1

Identity Theft

• Identity Theft: when a person commits or attempts to commit a fraud using someone’s identity.

• Identity Theft Prevention Program

– College written document available online, or

– Request copy from the Office of the General Counsel

Page 9: Data security 1

Technical Safeguards

adhering to best practices…

Page 10: Data security 1

Technical Safeguards

• Antivirus

• Central File Share

– Required for confidential and internal use only information

• Virtual Private Network (VPN)

• Identity Finder

– Delete (shred to DOD standards)

– Encrypt

• TrueCrypt for Laptops

Page 11: Data security 1

Technical Safeguards

• Passwords

– Minimum length of 8 characters

– At least 4 letters

• Uppercase and lowercase

– Mixture of letters, numbers, and other characters

• Alphanumeric and non-alphanumeric

– Cannot use your account name

– Cannot use your last 6 passwords

– Change them at least every 180 days

Page 12: Data security 1

Information Security

…an important part of our job…