Security Awareness 9 10 09 V4 Sens Info
Click here to load reader
-
Upload
megan-bell -
Category
Business
-
view
149 -
download
1
Transcript of Security Awareness 9 10 09 V4 Sens Info
its.unc.edu 1
Many types of Sensitive
Information are stored on
your computer. It is
important to protect it
from hackers who wish to
cause harm.
Sensitive Information Sensitive Information
its.unc.edu 2
Sensitive Information & Your UNC Job
Sensitive Information & Your UNC Job
Access Sensitive Information only
when
required to complete your job.
Keep your passwords secret!
Comply with the University
policies,
such as the Acceptable Use Policy.
Avoid storing Sensitive Information
on mobile and portable devices.Report promptly the loss or misuse of University information to the campus IT Help Desk at (919.962.HELP), your supervisor, or the ITS Information Security Office.
Section: Sensitive Information
its.unc.edu 3
Sensitive Information Examples
Sensitive Information Examples
Personal information• Social Security numbers
Protected health information• medical records
Student education records • grades or honor code
proceedings Customer information
• bank account information Card holder data
• credit card numbers Confidential personnel information
• disciplinary information Some research data
• data involving patents
It is every employee’s
responsibility to protect Sensitive Information and
keep it confidential.
Section: Sensitive Information
its.unc.edu 4
Regulations Related to Sensitive Information
Regulations Related to Sensitive Information
FERPA (Family Educational Rights and Privacy Act)
Covers educational records, including student grade information
HIPAA (Health Insurance Portability and Accountability Act)
Covers medical information, such as patient records
Sensitive Information is subject to a
number of state and federal
regulations, including:
Section: Sensitive Information
its.unc.edu 5
Regulations Related to Sensitive Information
Regulations Related to Sensitive Information
State Personnel Act
Covers information maintained in personnel files, which, with very limited exceptions, is considered confidential
State Identity Theft Prevention Act
Covers information, such as Social Security numbers or the name of a person in combination with a checking account number, often sought by criminals intending to commit identity theft.
Section: Sensitive Information
Sensitive Information is subject to a
number of state and federal
regulations, including:
its.unc.edu 6
Learning Point # 2Learning Point # 2A friend asks me to post his
resume on my Web site. The resume contains his full Social Security number.
Since he gave me his permission to post the resume, the Social Security number is not considered Sensitive Information. Right?
Wrong! In fact, Social Security numbers are
considered Sensitive Information under the North Carolina Identity
Theft Protection Act and should only be disclosed if absolutely necessary.
Social Security numbers should never be posted on Web sites.
Section: Sensitive Information
its.unc.edu 7
Learning Point #3Learning Point #3
My supervisor has asked me to shred some old files. As I am going through the files, I notice
grade information belonging to my neighbor’s son. I can peek at the file since my neighbor already has informed
me that her son is an Honors student. Right?
Wrong! In fact, student grades are considered Sensitive Information. Any Sensitive Information should only be accessed if there is a business need for such
access. Accessing Sensitive Information without a business need
is a violation of University policy.
Section: Sensitive Information