Youth Leadership Forum for Students with Disabilities YLF

Youth Leadership Forum for Students with Disabilities (YLF) Information Security and Confidentiality Training

Why is this training necessary? • Since YLF is a public-private partnership, all partners share the Department of Rehabilitation's (DOR) information security responsibilities. • The YLF has adopted policies in support of DOR’s information security requirements.

Laws and Regulations Information Practices Act of 1977 • Civil Code 1798 et seq. expands upon the constitutional guarantee of privacy by providing limits on the collection, management, and dissemination of personal information by state agencies. DOR’s Privacy Policy • Developed and are maintained in accordance with the Information Practices Act of 1977.

Sanctions and Penalties Impact to YLF • Loss of funding • Loss of public trust • Lawsuits Individual • Civil penalties • Criminal penalties • Possible discipline

Confidential Information includes: • Personal Information - any information that is maintained by YLF that identifies or describes an individual. • Medical Insurance information

Confidential Information (2) Examples: • Personal identifying information • Full Name, Age, Date of Birth, Social Security Number • Contact information • Address, ZIP Code, Email, Telephone Number • Medical information • Any information regarding medical history, mental or physical condition, treatment, or diagnosis • Disability information • Health insurance information

Confidentiality refers to: • Limiting information access and disclosure to authorized individuals • Preventing access by or disclosure to unauthorized individuals • Implementing safeguards for protecting personal and confidential information

Security Measures for Confidentiality • Collect only the information required to administer the YLF program. • Store information in a secure fashion. • Lock your computer, laptop, phone, etc. , when you are away from it.

Security Measures for Confidentiality (2) • Treat all personal, health, and medical insurance information as confidential. • Access only the information required for your assignment on a “need-to-know” basis. • Never leave information unattended and protect all information, regardless of media (electronic or hard copy).

Security Measures for Confidentiality (3) Electronic • Records containing names, contact information (addresses and phone numbers), medical or disabilityrelated information shall be electronically encrypted prior to transmittal and only downloaded or stored on secure, password-protected devices with up-to-date anti-virus software. • All electronic copies containing confidential information shall be deleted once YLF planning is over (copies will be maintained by the CCEPD staff).

Security Measures for Confidentiality (4) Securing Electronic Files Email • Redact any confidential information within the body of an email that could make a person vulnerable to identity theft. • Protect any attached documents with confidential information with a password. • Provide passwords separately.

Security Measures for Confidentiality (5) Securing Electronic Files (Continued) Protecting a Microsoft Word document • Click File. . . • Click the Info tab. . . • Click Protect Document. . . • Click Encrypt with Password. . . • Enter a password. . . • Click OK. . . • Re-enter the password, then click OK.

Security Measures for Confidentiality (6) Securing Electronic Files (Continued) Protecting an Adobe. PDF document • Click File. . . • Click the Properties. . . • Click the Security tab. . . • Select Password Security from the drop down menu. . . • Check Require a password to open the document… • Enter a password. . . • Click OK. . . • Re-enter the password, then click OK.

Security Measures for Confidentiality (7) Hard copy • • Secure all copies from a printer immediately. Never leave confidential information unattended. Always keep in locked cabinet when not in use. Destroy through a secure confidential destruct process after use.

Security Measures for Confidentiality (8) Conversational confidentiality: • Not sharing confidential or sensitive information at social events, with individuals outside of the workgroups, etc. , unless it is on a “need-to-know” basis. • This includes before, during or after the YLF also.

What To Do If a Breach Occurs Immediately report any actual or suspected breach of confidentiality to the management of the California Committee on Employment of People with Disabilities (CCEPD). Daniel Gounder, YLF Project Manager Daniel. Gounder@dor. ca. gov 916 -445 -9932 Maria Aliferis-Gjerde, Executive Officer Maria. Aliferis-Gjerde@dor. ca. gov 916 -558 -5698

What To Do If a Breach Occurs (2) • As the “owner” of YLF’s confidential information, the CCEPD will forward any actual or suspected breach of confidentiality reports to DOR’s Information Security Officer. • Depending on the severity of the breach, DOR’s Information Security Officer may report the incident to the appropriate authorities.

Summary • All YLF partners share the Department of Rehabilitation's (DOR) information security responsibilities. • Treat all personal and medical insurance information as confidential. • All confidential information is only available on a “need-to-know” basis. • Follow all previously mentioned security measures. • Report any potential breach immediately.

Acknowledgement Form Please sign and return the accompanying “ 2019 YLF Information Security and Confidentiality Agreement” to the YLF staff at the California Committee on Employment of People with Disabilities by email at ylf@dor. ca. gov.

Questions? Please contact the California Committee on Employment of People with Disabilities if you have any questions on YLF information security and confidentiality. Phone: (855) 894 -3436 Email: ylf@dor. ca. gov