staff symposium it track material download site - stacs.net filestaff symposium ‐it track it track...

STAFF SYMPOSIUM ‐ IT TRACK

StaffSymposiumITTrack

MaterialDownloadSite

https://www.stacs.net/symposium/2018

5/17/2018 Session 1: PII Data Management 3

STAFF SYMPOSIUM ‐ IT TRACK5/17/2018 Session 1: PII Data Management 5

But first a special presentation from our Sponsors


ITTrackSession1:PIIDataManagementPlans,PracticesandStrategies

Businesses have legal liabilities and responsibilities to protect Personally Identifiable Information (PII) they receive, process and distribute.

Developing a data management strategy to minimize PII within Trustee operations and computer systems is necessary to limit the risk and impact of a data breach. Processes, practices and technical options to develop a custom strategy will be discussed with examples of easy win items to jumpstart your internal efforts.


Don’t Worry Marley Meter


DataManagementPlanning


STAFF SYMPOSIUM IT TRACK

WhyaDataManagementPlan?◦ Back in the day, cost drove good data management

◦ Storage got cheap and we got lazy

◦ Now data breach risks drive data management needs



DataManagementChallengeThe implementation of a data life cycle process to

◦ identify existing and new forms of sensitive data to protect,

◦ defines specific strategies, tools, processes and procedures

◦ controls and maintains the data’s security and integrity

◦ maintains availability of a minimum required data set



WhatisPII,ConfidentialorPrivacyData?

Handbook Definition: ◦ Full SSN/Partial, Case ID, Name, Address, Phone ◦ (pieces together)

Practical Definition (Data Breach): ◦ Full/partial SSN, Bank Account #

Debtor, Employer and Employee PII



Personally Identifiable Information Section 101(41A): Generally, PII is:◦ First name / initial and last name of individual;◦ Geographical address of residence;◦ Email address;◦ Telephone number;◦ Social security number; and◦ Account number of a credit card.

5/17/2018 14Session 1: PII Data Management


Employee Identifiable Information Employee, spouse and children PII Review, compensation, payroll Health/Life Insurance (HSA, HRA, FSA) Retirement (401K) Direct Deposit (Void check image, Routing/Acct No.) I‐9 Documents (Driver License, SSN Card, Passport,

etc.) Background Investigation



PII – cont’d F.R.B.P. 9037: A filing that contains a SSN/TIN, minor’s name, or financial account number:◦ Last four digits of SSN/TIN;◦ Year of individual’s birth;◦ Minor’s initials; and◦ Last four digits of financial account number.



PII – cont’d EOUST defines PII as:◦ Information which can be used to distinguish or trace an individual’s identity, such as name, social security number or biometric records, etc., alone, or combined with other personal or identifying information linked or linkable to specific individual, such as date and place of birth, mother’s maiden name, etc.



PII – cont’d What EOUST says is not PII:◦ First or last name, country, state or city of residence, age, gender or race and job position. (THB 4‐26, 4‐27)



DataManagementStrategy Objective: implement lifecycle data management

1. Manage Incoming Data2. Implement a lifecycle for Data in Use3. Manage Outgoing Data



DataInput/OutputManagementDefine Processing Practices◦ Train staff to spot PII data while processing inputs & outputs Tag PII on receipt features or set in document type setting

◦ Define procedures to redact PII in common documents Use redaction practices and tools for common data

◦ Work to remove PII Data dependencies in form, documents, outputs, & shared data Create a PII team to assess options and strategies



Actions Methods

Refuse Receive Redact Reduce Redistribute Remove Restore

Policies Procedures Practices Technology Training

ActionsandMethodsToConsider



Wheretobegin?1. Purge Old Cases2. Identify PII in ◦ documents, databases, systems and files

3. Determine Actions to apply to PII Identified



Wheretobegin?DataReductionStart with what you already have◦ Bulk Data Repositories Email, Case Databases, File storage Old and legacy data

◦ Storage and Backups◦ Virtual machines, Replicas, backups◦ Paper Records



Issues◦ Exchange recovery mail store contains 1 year of delete emails

◦ Decentralized in user mailboxes◦ Long term recovery by others

Implement◦ Data Retention Limit◦ 1 year rolling deletion

◦ Email procedures for specific business email

EmailReduction



Backup,ArchiveandPurgeCases Data moves between Production and Backup Production to Offline Archive to Destruction


BACKUPS

ARCHIVE

ActiveData

InactiveData

ExpiredData


Definitions Backup◦ Daily scheduled copy of important data and files

Purging◦ Secured permanent deletion of data from it original source

Archiving◦ Data not in active use◦ Kept offline and secured

Archive Purging◦ Secured permanent deletion of data from archive

Rolling – perform on a regular schedule



DataReduction‐ RetentionLimitsEstablish retention limits for different data types ◦ Tax Returns ‐ 30 days after 341◦ Closed Cases – 6 months move to case archives◦ Closed Case Archive – Purge after 7 years

◦ Employee Information – 5 years post separation Reviews, I‐9, Health/Benefit, Badge Photo, Email

◦ HR, Health, Benefits – 5 years post separation◦ Business Financials ‐ 2 year 7 years



CaseData&DocumentPurge Know your vendors recommended process and tools

Export old case data and files from database Store to an offline archive for long‐term recovery Purge old case data and files from database & server

Issue: Database transaction logs contain purged data records.



CaseVendorPIIDataManagement1. Backups, Database and Files2. Backups offsite3. Offline Archiving Capabilities4. Data Retention5. PII tagging of documents6. Other features for find PII in Database



DanGibbs– EasyImplementations1. Begin running the PII Searches on DB monthly.

Tweak tool to work for your office (remove more fields / tables from report where appropriate). Review results.

2. Review the SSN in Account # Report. Redact those payee account numbers that include SSN numbers. Staff implement this with minimal effort and XXX records will no longer include SSNs. Review more recent entries on open cases to determine if procedural input adjustment needed with staff.



DanGibbs– EasyImplementations3. Consider deletion of old tblLockBoxDetail records. Over 1M

records could be there with SSN can be eliminated. Determine need for retention on a rolling basis. Delete as part of monthly routine. NOTE: If triggers exist on this table, may want to drop them to avoid copying all SSN from here to the audit table. Work with Bank to remove or redact SSNs.

4. Consider removal of debtor/parties/payees phone and email addresses from case vendor or other online public web portals. Instruct vendor accordingly.



DanGibbs– EasyImplementations5. Change the password being used on Tax Returns or

other secured documents if need to retain at all.6. Identify any extra hard copies of items stored

around the office. Old binders, drafts of documents, samples, training materials.

7. Have staff immediately delete Lockbox Export Files after transmission. This could eliminate files with 10,000 SSNs and employers depending on current retention schedule.



DanGibbs– EasyImplementations8. Annually change passwords on all vendor case

portal accounts and suspend unused accounts. ◦ Verify all accounts are limited to party in interest or

attorney of record. No unrestricted DA access to all cases.

9. Implement "Secure Transfer of Documents" agreements and have instructions to require redaction of SSN in all documents submitted. Establish process for review and feedback when not redacted. Communicate with existing users the need for redaction.



DanGibbs– EasyImplementations10. Use vendor provided or other tools to search for

PII reports to find 9 digit numbers stored in odd fields and review to see if these are SSNs. If so, determine redaction methods.

11. Redact SSNs in purged data table for older cases.
