...

As criminal fraud incidents involving stolen or lost information have proliferated, states and the federal government have imposed increasingly stringent requirements on businesses and government entities to ensure that adequate protections are applied to collections of business records containing sensitive, personal information.
The Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA) are two examples of federal legislation that require specific levels of protection and authorize penalties for failure to comply with those requirements.

At least two statutes in New York State, the Information Security Breach and Notification law and the Social Security Protection law, impose severe penalties for the mishandling and misuse of social security numbers. Provisions in the state’s Labor Law and Public Officers Law also impose restrictions on the use of social security account numbers by state entities.

...

Likewise, the University creates, assigns, and uses unique identifiers to accurately distinguish and track faculty, students, and staff through a myriad of business, research, academic, and health care processes.  Changes in FERPA rules (Dec 08) require institutions to maintain appropriate levels of privacy protection for these institutional forms of identification due to their close association with educational records. Sensitive information related to employment and health records is linked to them, as well.

...

2. Supervisory Personnel. In addition to the above general compliance requirement, supervisory personnel have the following responsibilities:

  • Ensure that their staff understand and adhere to the statutory or University regulations that govern the use of the unit’s or department’s information.
  • Ensure compliance and adherence on the part of employees to the protocol’s Standards and Procedures document (See Related Documents for link).
  • Periodically review and update data access permissions and privileges to ensure that staff have appropriate access levels to records. Terminations, transfers, and changes in employee work assignments require a review and adjustment of employee access privileges.
  • Report incidents of abuse of privileges, or unauthorized access to information, to the appropriate authorities upon discovery of such abuse or unauthorized access.

...

Protection_of_Identifiers_Standards_Procedures
Internal Control Vulnerability Assessment (See Factor 10)
• <https://www.albany.edu/internalcontrol/links.php>

SUNY Information Security Guidelines, Part 1: Campus Programs & Preserving Confidentiality, #6608
NYS Labor Law
NYS Public Officers Law
NYS Social Security Number Protection Law
Federal Educational Rights and Privacy Act
Federal Trade Commission Identity Theft Red Flag Rules
Health Insurance Portability and Accountability Act
Gramm Leach Bliley Act
Freedom of Information Law
NYS Information Security Breach & Notification Law
NYS Business Law and Technology Law
NYS Information Security Policy P03-003
SUNY Policies of the Board of Trustees

...