Download - Datastewards
![Page 1: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/1.jpg)
Welcome
Personally Identifiable Information (PII) Protection Training for Data Stewards
![Page 2: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/2.jpg)
Data Steward Training
Goal The purpose for today’s training program is to
introduce you to a collection of policies designed to protect Personally Identifiable Information (PII) and to your role and responsibilities as a Data Steward.
![Page 3: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/3.jpg)
Data Steward Training
Learning Objectives:
As a result of participating in today’s program you will: • Learn about Loyola’s Personally Identifiable
Information (PII) Protection program • Gain a better understanding of your role and
responsibilities as a Data Steward• Acquire a list of tools and resources that can support
you in your role as a Data Steward
![Page 4: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/4.jpg)
Data Steward Training
Agenda
• The Challenge of Protecting PII
• Loyola’s Process for Protecting PII
• Your Role in Protecting Loyola’s PII
• Tools and Resources
![Page 5: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/5.jpg)
Data Steward Training
Guidelines
• Program length: 60 minutes
• Ask questions – participate
![Page 6: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/6.jpg)
Data Steward Training
Protecting Personally Identifiable Information
![Page 7: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/7.jpg)
Data Steward Training
Loyola recently approved policies covering areas:
1. Data Classification2. Loyola Protected & Sensitive Data Identification3. Physical Security of Loyola Protected & Sensitive
Data4. Electronic Security of Loyola Protected & Sensitive
Data5. Disposal of Loyola Protected & Sensitive Data6. Loyola Encryption7. Compliance Review8. Data Breach Response
![Page 8: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/8.jpg)
Data Steward Training
All data produced by employees of Loyola University Chicago during the course of University business will be classified as one of these three types of data:
› Loyola Protected Data› Loyola Sensitive Data› Loyola Public Data
(Definitions on next slide)
![Page 9: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/9.jpg)
Data Steward Training
Definitions– Loyola Protected data (LPro data)
• Protected by Federal, state, or local laws• Includes SSNs, credit card numbers, bank account info, driver’s
license numbers, personal health info, FERPA info, etc
– Loyola Sensitive data (LSen data)• Not covered by laws, but information that Loyola would not
distribute to the public• Determined by the department that created the data
– Loyola Public data (LPub data)• Information that Loyola is comfortable distributing to the general
public.
![Page 10: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/10.jpg)
Data Steward Training
Role & Responsibilities
for Data Stewards
![Page 11: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/11.jpg)
Data Steward Training
• The primary responsibility of a data steward is to help their department identify locations of Personally Identifiable Information (PII)
• The data steward will also produce documentation used by ITS and your department indicating where PII is located in the department
![Page 12: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/12.jpg)
Data Steward Training
Responsibilities• Identify computers that store or access Loyola
Protected or Loyola Sensitive data– Conduct systems scan every 6 months
– Use software scanning tool that flags possible LPro information
– Record information from the scanning software tool in a spreadsheet for ITS and your department
– Fill out the department’s Data Security Compliance Review form and submit to ITS
![Page 13: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/13.jpg)
Data Steward Training
Responsibilities
• Act as a resource for your department by providing information about the policies and their impact
• Conduct presentations as needed to raise awareness Sample presentation:
http://www.luc.edu/its/pdfs/dspresentation.ppt
![Page 14: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/14.jpg)
Data Steward Training
Changes in how your
department handles
Loyola data
![Page 15: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/15.jpg)
Data Steward Training
Changes for Paper documents
• Limit access to department workspaces that store LPro or LSen data in paper form – your department should:– Create a list of individuals with access to restricted areas;
provide Campus Security with a copy of the list– Require a badge or key to access those areas– Allow no public access to those areas
• Acquire/use approved shredders to dispose of documents– Limit access to printers and faxes
• Properly store LPro or LSen documents; avoid leaving LPro or LSen information on desks and other work areas when no one is present
![Page 16: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/16.jpg)
Data Steward Training
Changes for electronic documents
• Restrict access to computers and other electronic devices that store LPro or LSen data in electronic form
• LPro or LSen data cannot be stored on computers or electronic devices that are not encrypted
• ITS will provide instructions for installing the encryption software for those users that need it
![Page 17: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/17.jpg)
Data Steward Training
Preferred storage for remote access
• LPro or LSen data preferred storage for remote access
1.Network drives (VPN + Remote Desktop)
2.Laptop w/ encryption software
3.PDA/Blackberry/Smartphone w/ encryption software
4.Portable drive w/ encryption software
5.CD/DVD/disk as an encrypted file
![Page 18: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/18.jpg)
Data Steward Training
Disposal of LPro or LSen data
• Paper – Shred either through shredding service or approved personal shredder (Purchasing has list of approved shredders)
• Electronic – Contact ITS for proper disposal
• If taken outside of Loyola, either dispose of as above or bring paper / device back to Loyola for proper disposal
![Page 19: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/19.jpg)
Data Steward Training
Encryption of data • Electronic data transfers must be secured• If you need to send sensitive data via email, please
contact ITS for information on sending encrypted emails
• LPro or LSen data on physical media (CD, portable drive, etc) must be encrypted
• ITS will assist in configuration and training for department-specific issues on an as-needed basis
![Page 20: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/20.jpg)
Data Steward Training
• Report possible breaches / exposures– Call 86086 / 773-508-6086– Email [email protected]– Go to anonymous reporting page at
http://www.luc.edu/its/security/data_security_form_anonymous.shtml
![Page 21: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/21.jpg)
University Deployment Plan
• Split into 4 phases– ITS pilot– Sullivan Center pilot– High-risk areas (HR, Finance, etc)– Rest of the university
• Main communication effort will occur before the 4th phase – university-wide deployment
![Page 22: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/22.jpg)
Communication Strategy
• Town hall meetings
• Inside Loyola Weekly
• Separate email blast to all staff
• Communications specifically targeting faculty
![Page 23: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/23.jpg)
How Do I …?
• Give a presentation to my department about this?
• Perform the scanning portion?
• Install the encryption software?
• Fill out the paperwork?
• Get other questions answered?
![Page 24: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/24.jpg)
How Do I…?
Give a presentation to the rest of my department?
• Recommended so they will have a better understanding of how they can help protect PII and other sensitive data
• Complete presentation available at http://www.luc.edu/its/pdfs/dspresentation.ppt
• Please send any questions you cannot answer to ITS ([email protected] or x86086)
![Page 25: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/25.jpg)
How Do I…?
Perform the scanning portion?
• Send an email to everyone in your department asking them to go to Loyola Software -> Useful Tools -> Spider Scanner– This will install and run the scanning software– The process can take an hour or two, but the user
can continue using their machine while it works– Program will automatically close when done
![Page 26: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/26.jpg)
How Do I…?
Install the encryption software?1. Close all open programs
2. Go to Loyola Software -> Useful Tools -> SafeGuard Easy Install
3. Machine reboots several times
4. Login, wait for machine to reboot twice more
5. Close encryption image and login
6. Verify red icon on hard drive, logout or lock machine but LEAVE IT POWERED ON!
You can use your computer while it encrypts, but it will run more slowly until the process completes
![Page 27: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/27.jpg)
How Do I…?
Fill out the paperwork?• Two different forms to complete
– While reviewing the spider log with the user, fill out the PII Tracking.xls spreadsheet
– Once all computers have been scanned and their logs reviewed, fill out the Data Security Compliance Review form available at http://luc.edu/its/pdfs/gov_PIIP/Personal%20Information%20Protection%20Compliance%20Review.pdf (the last page)
![Page 28: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/28.jpg)
How Do I…?
Get other questions answered?
• Call / Email / Stop ByJoe Bazeley
773-508-6086 / 86086
Granada Center room 235
![Page 29: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/29.jpg)
Data Steward Training
Tools and Resources
• ITS Contact– Joe Bazeley– [email protected]– 773-508-6086 / 86086
• Policies • Presentation – add links• Reporting breaches
– Anonymous reporting page at http://www.luc.edu/its/security/data_security_form_anonymous.shtml
– Email [email protected]
![Page 30: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/30.jpg)
Summary
As a Data Steward you play an important role in ensuring that your department is in and
remains in compliance with Loyola’s policies for protecting PII and other sensitive
information
![Page 31: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/31.jpg)
Summary
Responsibilities• Be a resource to your department by providing
information about these policies and their impact– Sample presentation available at
http://www.luc.edu/its/pdfs/dspresentation.ppt • Conduct scans of department media every 6 months
– Check output of LPro/LSen data detection tool on each individual’s computer
– Provide summary info on LPro/LSen data to ITS and your department
– Fill out department’s compliance form for ITS
![Page 32: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/32.jpg)
Summary
• Badge/key access restrictions• Printers and faxes in secure areas• Use approved shredders• Secure desk when not around• Encryption of computers• Cannot store LPro or LSen data on unencrypted
computers• Store files on network drives for
remote access
![Page 33: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/33.jpg)
Data Steward Training
Questions?
![Page 34: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/34.jpg)
Data Steward Training
Thank youfor
Your participation
![Page 35: Datastewards](https://reader035.vdocuments.us/reader035/viewer/2022062405/5578a917d8b42a4d4b8b48b7/html5/thumbnails/35.jpg)
Full Disk Encryption Install Demo
Short version of install process:
1. Close open documents
2. Launch program
3. Wait several minutes, login
4. Wait several minutes, close picture then login again
5. Log out or lock computer, but leave it powered on