New Data Regulation Law 201 CMR 17.00. TJX Video

  • Slide 1: New Data Regulation Law 201 CMR 17.00
  • Slide 2: TJX Video
  • Slide 6: Minimum Requirements
      • Secure access control measures
      • Secure user authentication protocols
      • Monitoring for unauthorized access
      • Encrypt PI that is or would be transmitted wirelessly
  • Slide 7: Minimum Requirements
      • Encryption of all PI on portable media: laptops, smartphones, PDAs
      • Up-to-date firewall and security patch protection
      • Up-to-date security agent software: virus protection, malware protection
      • Employee training
  • Slide 8: W.I.S.P.
      • Create a policy that encompasses the entire organization
      • Develop a security policy to safeguard PI
      • Identify existing PI
      • Advise senior management if current technology places PI at risk
      • Define rules for protecting PI that cover both paper and electronic records
  • Slide 9: W.I.S.P.
      • Ensure all employees that have access to PI records are trained in safeguarding it
      • Ongoing training through workplace posters and e-mails
      • Signed policies provide an audit trail
      • IT policies are important too: your login credentials are the keys to the kingdom
  • Slide 10: Safeguards for PI
      • Store hardcopies: restrict access, monitor access, establish a location policy
      • Or scan hardcopies and store them electronically: restrict access, monitor access, shred the hardcopies
  • Slide 11: Safeguards for PI
      • Encrypt the entire hard disk drive of all laptops, the memory of PDAs, and smartphones that hold PI, against loss or theft
      • PI data is unreadable even if the disk drive is moved to another laptop
      • Unlocking disk encryption requires a proper username and password, or more
      • Or encrypt the PI files stored on mobile devices
  • Slide 12: Safeguards for PI
      • PI data stored on portable media (e.g. DVD or USB drives) must be encrypted
      • Recommendation: use software that encrypts any data stored on portable media, or that has port control to prevent users from copying to portable media
      • Backup software must encrypt all backup tapes and external hard drives
  • Slide 13: Safeguards for PI
      • If PI is sent across a wireless network, it MUST be encrypted
      • Patch management must be up to date
      • Up-to-date antivirus
      • The company's firewall is to be up to date
      • Wireless encrypted, with secured access
  • Slide 14: Safeguards for PI
      • E-mails containing PI must be encrypted if sent via the internet
      • E-mail content filtering electronically searches the body of the e-mail and its attachments for PI
      • E-mails with PI will be automatically encrypted before traveling over the internet
  • Slide 15: Safeguards for PI
      • For third-party vendors, obtain written certification of compliance with MA privacy regulations from the business partners you share PI data with: IT companies, payroll company, benefit companies (401(k), life insurance, insurance)
      • Caution: e-mail communications with these parties frequently involve PI data; ensure those e-mails are encrypted
  • Slide 16: Safeguards for PI
      • Survey employees for other resting spots for PI data (e.g. unlocked filing cabinets, portable media, briefcases at home, etc.)
      • USB flash drives, DVDs, CDs
  • Slide 17: Safeguards for PI
      • Terminating employees: disable the user right away
      • Redirect e-mail to another user
      • Remove remote access
      • Don't allow the ex-employee near PI
  • Slide 18: Recap
      • Thumb drive has info from the state
      • Free trial version of Safe House
      • [email protected]
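Slide 14 describes an e-mail content filter that searches the body and attachments for PI and forces encryption before the message leaves. The following is an added Python example of such a gate, not the deck's or any product's code: it looks for identifiers that 201 CMR 17.00 pairs with a resident's name (an SSN or a credit/debit card number) using regex heuristics and a Luhn check that are this example's own assumptions, and runs them over constructed sample messages.

```python
import re

# Regex heuristics for identifiers that 201 CMR 17.00 treats as personal
# information when combined with a resident's name. The patterns are this
# example's assumptions, not the regulation's text or a vendor's rule set.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out invoice or tracking numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 into one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pi(text: str) -> list:
    """Return (kind, masked_value) for each identifier found; only the last four digits survive."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def route_email(subject: str, body: str, attachments=()) -> dict:
    """Slide 14's gate: PI anywhere in subject, body or attachment text forces encryption.

    `attachments` is assumed to be text already extracted from the attached files.
    The filter fails closed: it encrypts whenever an identifier is present, even if
    the name the regulation pairs it with was not detected.
    """
    findings = find_pi("\n".join([subject, body, *attachments]))
    return {"encrypt": bool(findings), "findings": findings}


# Constructed sample messages for demonstration; no real people or accounts.
SAMPLES = [
    ("Payroll change", "Jane Doe's SSN is 123-45-6789, please update her record.", ()),
    ("401(k) enrollment", "Enroll John Smith.", ("Card on file: 4111 1111 1111 1111",)),
    ("Lunch", "Call me at 617-555-0100 about Friday.", ()),
    ("Invoice", "Reference 1234 5678 9012 3456 is a tracking number, not a card.", ()),
]

if __name__ == "__main__":
    for subject, body, attachments in SAMPLES:
        print(subject, "->", route_email(subject, body, attachments))
```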