Best Practices for Data Security and Protecting
Author : jane-oiler | Published Date : 2025-06-20
Description: Best Practices for Data Security and Protecting Personal Information MCLE March 2017 Presenter Matthew Pettine CGEIT CISA ASE MCSE MCDBA MBA Managing Director IT Advisory Practice MFA Cornerstone Consulting 978 5575354
Transcript: Best Practices for Data Security and Protecting

Best Practices for Data Security and Protecting Personal Information
MCLE – March 2017
Presenter: Matthew Pettine, CGEIT, CISA, ASE, MCSE, MCDBA, MBA
Managing Director, IT Advisory Practice
MFA Cornerstone Consulting
(978) 557-5354
mpettine@mfacornerstone.com
Copyright 2017. MFA – Moody, Famiglietti & Andronico, LLP. All rights reserved.

About MFA
- Proactive CPA and consulting firm with national and global reach
- Founded in 1982
- Over 150 professionals, including 25 partners
- Located in Tewksbury, Massachusetts

About MFA
- Business Tax
- Individual, Family and Fiduciary Tax
- State and Local Tax
- Audit and Assurance
- Technical Accounting Advisory
- Transaction Services
- Valuation
- Litigation Support
- Fraud and Forensic Accounting
- Business Performance Enhancement
- Sarbanes-Oxley Compliance
- Internal Controls
- IT Advisory
- Wealth Management
- Retirement Plan Advisory
- Professional Staffing

Some Privacy and Electronic Data Regulations
- Health Information Privacy Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH)
- Financial Service Modernization Act (Gramm-Leach-Bliley, GLBA)
- Family Educational Rights and Privacy Act of 1974 (FERPA)
- FTC – Fair and Accurate Credit Transactions Act (FACTA) Red Flags Rule
- Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act)
- Massachusetts Privacy Regulations: 201 CMR 17
- PCI-DSS (Payment Card Industry – Data Security Standards)

Common Themes
- Physical, Technical and Administrative Controls
- Protection against unauthorized access or disclosure
- Notification Requirements
- Written Policies
- Training
- Business Process Development and Monitoring
- Enforcement and Penalties!

Massachusetts Privacy Regulations: 201 CMR 17
- Law is designed to protect the personal information of Massachusetts citizens
- Intent of law is to prevent personal information from being breached in the first place
  - As opposed to merely addressing what must happen in the wake of a security breach
- Establishes minimum standards, responsibilities and reporting protocol

Massachusetts Personal Data Security Law
Personal information to be protected includes:
- A citizen’s name (first & last or first initial & last name) COMBINED with one or more of the following:
  - Credit card number
  - Social security number
  - Financial account number
  - State issued identification number