PII & Information Security Training 2008-2009

PII Outline

1. Welcome

2. PII Defined

3. Other Information

4. Minimum Standards

5. Disclosure

6. PII on Paper

7. Electronic PII

8. Transmission

9. Closing the Loop

10. Review

11. Credit

 

 

Welcome.

This is SEC0220: Privacy Training
Privacy, HIPAA, and Protected Information Training

The course will take 5-15 minutes to complete depending on your responses. You will receive credit when you submit your employee number at the end of the training.

Who is this for?

This training is mandatory for all members of the LBL community who process personally identifiable information, or create systems which process personally identifiable information. In 2008, it is also automatically required for all employees in IT, CFO, HR, and some parts of EHS and the Directorate. The course will not be repeated unless our policies change.

Why is this important?

1.We have a responsibility to protect the personally identifiable information (PII) we are entrusted with, whether it comes from our employees, guests, research subjects, or other members of our community.

2.California and Federal Law and University Policy require that we take significant steps to protect this information, and notify anyone whose information is breached.

3.Both DOE and the University of California are extraordinarily sensitive about this issue, given past experience. From the point of view of the institution’s reputation, a breach – even a small one – of personally identifiable information could be devastating.

What won't this course cover?

This course will not tell you everything you need to know to effectively manage PII. As a professional at LBL who works with PII, you are expected to know, or work with your line management to acquire, the information necessary to do your job - which includes protecting information you have been entrusted with. This course is designed as a refresher and a common baseline. If you need more information, discuss this with your line management.

Isn't this just about computers?

No. This is a business process issue. We need to manage the business processes which touch, manipulate, and store PII whether they happen electronically or on paper. We need to structure processes around PII to minimize the chances of making a mistake.

Next>>>

 

(c) 2008 Regents of the University of California, Lawrence Berkeley National Laboratory