Privacy Governance & Information Security Requirements

TABLE OF CONTENTS  

Computer System Security Requirements
Implementation Steps
Information Security Programs


Computer System Security Requirements

  • Secure user authentication protocols
        – Unique user IDs
        – Complex and secure passwords: selection, storage, or use of unique identifier technologies (biometrics, token devices)
        – Access limited to active users
        – Account lockout
        – Restricting access to records and files
  • Encryption requirement in transmission: over public networks and wirelessly
  • Encryption requirement for stored information: all personal information stored on laptops or other portable devices
  • Firewall protection: systems connected to the Internet that hold PII files must have firewall protection and reasonably up-to-date security patches
  • Malware and virus protection: reasonably up-to-date malware protection, patches, and virus definitions, set to receive updates on a regular basis
  • Reasonable monitoring of systems: for unauthorized use of or access to PII

Education and training: each covered entity

Implementation Steps

Implementation Steps – Risk Assessment

A privacy program will vary depending on the organization's size, complexity, type of business, and risk posture.

Privacy Impact and Risk Assessment
1. Personal information collected by your organization: types and source
2. Purpose for collection
3. Intended use
4. How secured and shared with third parties

Implementation Steps – Gap Analysis

Gap Analysis

Information Security Program 

  • A well-established Information Security Program typically includes administrative, technical, and physical safeguards.
  • Establishing an Information Security Program: 
        – Designate Program Owner 
        – Consider gap analysis 
        – Develop security policies
  • Granting access to PII on an as-needed basis
  • Physical access restrictions 
  • Program monitoring
  • Ensuring outside vendors are in line with company privacy policies
  • Periodic reassessment of program
  • Procedures to address program violations
  • Security breach response procedures


Final Thought
Most privacy breaches are avoidable through fairly simple measures.
