NEVADA LEGISLATUREAUDIT DIVISION

Obtaining, Storing, and Using Confidential Data

ENTRANCE CONFERENCELETTER OUTLINING OUR ACCESS TO EVERYTHING

ENTRANCE CONFERENCELetter outlining our confidentiality of work we collect

All working papers from an audit are confidential

IF ALL ELSE FAILS

• Keep data on site at agency

• Review data or documentation with the agency

• Obtain a Legislative Counsel opiniono Usually results in the agency obtaining an

Attorney General opinion

KEEPING DATA SAFE

KEEPING DATA SAFE

• IronKey continuedo Contractor for Nevada dropped USB drive,

containing confidential data, in parking lot.o She is no longer a contractor for the state.

• Truecrypt-now defunct (closed down with no explanation)

• BitLocker (native windows product)

• CISCO VPNo Hit and miss when using TeamMate

USING CONFIDENTIAL DATA

• Two levels of “confidential”

o All our work is confidential

o SS#, HIPA, etc.

USING CONFIDENTIAL DATA

USING CONFIDENTIAL DATA

• Normally not kept in work papers

o Social Security numbers

Keep names & other data

Annotate with auditor observation