Information Technology Security

Academic year: 2021

(1)

Information Technology Security

DECEMBER 2015 – ANNUAL ETHICS & POLICY TRAINING

THE EVERGREEN STATE COLLEGE

(2)

Our Computer Security Soapbox

(3)

Our Computer Security Soapbox

44% of IT data breaches are caused by malicious or criminal attack.

Average cost for each person record impacted by a data breach is $259/record.

If all 2013 staff & faculty records were accessed in a data breach, the starting point for the potential cost to Evergreen = $197,617.

Local impact: State of Washington, Administrative Office of the Courts, 2012

Flaw in Adobe software was exploited

Possible 160,000 Social Security & up to 1 million driver license numbers accessed

(4)

Technology Safety Tips

Always be wary of email messages asking you to provide login information or click on a link.

Use complex passwords such as ‘L1f31sGr3at!’ vs ‘geoduck’.

Keep separate passwords for your different computer accounts. Don’t use the same password at work that you use at home, that you use for banking, etc.

Allow Windows/Macintosh system updates and Sophos Anti-Virus updates to install as soon as possible.

Lock your computer when you walk away.

Do not install extra toolbars/programs on your computer.

Actual link was “memories4you.info…”

(5)

Need Help?

Have Questions?

Technology Help Desk

 Contact Information

◦ Phone: 360.867.6627

◦ Email: [email protected]

◦ Location: Library 1806

◦ Hours of operation: Monday – Friday, 8a – 5p

(6)

Appropriate Use of Information Technology Resources

DECEMBER 2015 – ANNUAL ETHICS & POLICY TRAINING

THE EVERGREEN STATE COLLEGE

(7)

Appropriate Use Policy Basics

Who: Applies to anyone with an Evergreen login or anyone accessing the Evergreen network

When: At all times you are using your Evergreen login or using the Evergreen network

Where: Here on campus or anywhere you are using your Evergreen login

Why: Misuse of technology resources has the potential to disrupt the legitimate

(8)

Expectations Evergreen Has for You Regarding Technology Use

 Consider ethics in using Evergreen technology

 DL Usage: Not for political agenda, personal gain

 Greener Commons: Personal gain

 Copyright/plagiarism

 Do not share your account login with anyone for any reason

 Protect college data – consider before you save

 Confidential data (SSNs, birth dates)

 File shares vs removable storage

(9)

Questions or comments?

Jamie Daniel, Computing & Communications

(10)

The Public Records Act (PRA)

RCW 42.56

(11)

Intent of the PRA:

To ensure government remains open and accountable.

“The people of this state do not yield their sovereignty to the agencies that serve them... The people insist on remaining informed so that they may maintain control over the instruments that they

(12)

Employees are Ethically Required to Know

Personal Legal Obligation: “No state officer or state employee may intentionally conceal a record if the officer or employee knew the record was required to be released under [the PRA.]” RCW 42.52.050

Agency Liability: “An agency’s compliance with the Public Records Act is only as reliable as the weakest link.” PAWS v. UW, 125 Wn.2d 243, 269 (1994).

Legal Duty Under the PRA: All employees must help locate records and must be able to identify requests.

(13)

Strong Public Mandate in Favor of Open Government

Passed by initiative in 1972

All records of an agency are presumed to be subject to disclosure

Agencies must respond promptly and provide fullest assistance to requestors

(14)

PRA Compliance is a Team Effort

Public Records Officer

Records Custodians (this could be you)

IT Staff

Agency Attorney

(15)

A Public Records Request Can Take Any Form

Made to any employee

PRA does not mandate a request take any particular form

Request can be in an email

Request may be oral

(16)

All Records Presumed to be Public Records

A public record is:

1) Any writing

2) Relating to the conduct / performance of any governmental or proprietary function

3) Prepared, owned, used or retained by a public agency

“Nearly any conceivable government record related to the conduct of government.” O’Neill v. City of

(17)

Types of Records

Traditional Records

 Letters

 Contracts

 Calendars

 Evaluations

 Public comment forms

 Resolutions

Electronic Records

 Photographs, videos and MP3s

 Databases

 Emails

 Word documents

 Voicemails

 Text Messages

 Spreadsheets

 PDFs

 Social Media

(18)

Personal Computers, Email Accounts, Cell Phone

Work-related records are public records wherever they are located, including:

Records saved on home computer

Emails sent to or from personal email accounts

Text messages sent to or received

(19)

Process & Procedures

Duties of the Public Record Officer

Five Day Response

Log of Redactions & Exemptions

Contact and Follow-up

(20)

Process & Procedures

Duties of each employee

Forward public records requests to the Public Records Officer

Respond promptly to a call for records

Once records have been called for do

(21)

Exemptions and Privacy

RCW 42.56.030 states that the PRA is to be “liberally construed” and that exceptions are to be “narrowly construed” to preserve the public’s interest.

Costs, administrative inconvenience, administrative difficulty, and time constraints do not excuse an agency’s lack of compliance.

(22)

Exemptions Are Based on Statute & Case Law

 Personal Identifiable Information (exception – mixed records)

 Names of applicants, test questions and certain personnel records

 Health Information

 Records Pertaining to an on-going investigation

 Attorney-Client Privilege

(23)

Applying Exemptions

Exemptions may only be applied by the Public Records Officer.

Exemptions must be

(24)

Penalties for Violations of the PRA

Between 2006 and 2011, Washington State has paid $4.8 million for Public Records Act violations!

Penalties can range from $0 to $100 per day, per request

$0 per day for good faith only

Attorney fees and costs

(25)

Public Records Officer: Anieska Timms

Phone: (360) 867-6914

Email: [email protected]

www.evergreen.edu/publicrecords

(26)

Whistleblower

(27)

Whistleblower Program

“If you see something, say something”

Report suspected improper government actions

Your identity is kept confidential

(28)

Whistleblower Reporting

 Internal Auditor – John Craighill

 X6112 [email protected]

 State Auditor’s Office – Jim Brownell

(29)

Copyright

(30)

Copyright - Intellectual Property

Defined

Created

Infringement

(31)

Public Domain and Fair Use

The exception

Acceptable uses

Four prong test

(32)

Copyright

Be Cautious:

Copying

Printing

Streaming

Distributing

Penalties

(33)

Copyright Resources

• US Copyright Office

• Evergreen Copyright Policy

• Digital Millennium Copyright Act

• Evergreen’s Copyright Guidelines

• Copyright Guidelines for Teachers

• Administrator’s Copyright Guide

• John Craighill – Evergreen’s Copyright Officer x6112

(34)

Ethics

(35)

Ethics in Public Service Act

RCW 42.52

How does the Ethics Act apply to me?

(36)

Acts Incompatible with Public Service

(better known as Conflicts of Interest)

(37)
(38)
(39)
(40)
(41)

Gifts

(42)

Use of Persons, Money or Property for Private Gain

What is “de minimis” use of state resources?

(43)

Use of Public Resources for

(44)

Recent Ethics Violations

 SPSCC employee: conflict of interest, special privilege and use of state resources

 Evergreen employee: conflict of interest, special privilege

 Two DSHS employees: use of state resources

 Highline Community College employee: conflict of interest, special privilege and use of state resources

 Lieutenant Governor: conflict of interest, financial interest, special privilege and use of state resources

 State Patrol employee: conflict of interest, financial

(45)

Largest Penalty – Levied by the Executive Ethics Board

An Evergreen faculty member

Had students pay him directly for study abroad programs.

Contracted with companies owned by family members without the

(46)

Ethics Advice Resources

 Supervisor, Department Dean, or Director

 Evergreen’s Ethics Officer – John Craighill

[email protected]

 Washington State Executive Ethics Board

 www.ethics.wa.gov 360-664-0871

 State Auditor’s Office

(47)

The Evergreen State College

NONDISCRIMINATION POLICY AND PROCEDURES

Objectives:

Understand the protections afforded by the policy;

Understand the responsibilities created by the policy;

Understand procedures for reporting and resolving complaints

(48)

Policy Statement (Excerpts)

 The Evergreen State College is committed ….

 To prohibiting discrimination

 and behaviors which if repeated could constitute discrimination.

 The President as the delegate of the Board of Trustees…

 Directs that all personnel and student-related transactions, and the operation of all College programs, activities and services will not discriminate…. (listed)

 Harassment on any of the above stated grounds is a form of prohibited discrimination.

 This policy applies to faculty, staff, and students.

 This policy also prohibits retaliation for reporting possible violations of this policy, for cooperating with any related investigation, or for participating in such a complaint process.

(49)

Policy Contents

 Policy Statement

 Legal Basis

 Definitions

 Complaint and Resolution Procedures

 Policy Dissemination

(50)

General Principles

 Reasonable Behavior expected from all; toward all

 Professional Persona

 Acting as to be perceived as a professional

 Federal and State Laws

(51)

Legal Basis for Policy

Civil Rights Act of 1964 and amendments (Title VII)

Title IX of the Education Amendments Act of 1972

Veterans Employment Opportunities Act of 1998

Age Discrimination and Employment Act of 1967 (ADEA)

Americans Disabilities Act of 1990 and Amendments

Genetic Discrimination Act of 2008

(52)

Protected Categories

 Race/Color

 Religion

 Creed

 National Origin

 Age (Over 40)

 Sex

 Sexual Orientation

 Gender Identity and Expression

 Disability

 Genetic Information

 Marital Status

 Military Status

 Disabled Veteran Status; Vietnam Era Veteran

 Pregnancy (Childbirth or illness related to pregnancy or childbirth)

(53)

Theories of Discrimination

 Disparate Treatment (Intentional)

 Disparate Impact (Unintentional)

 Failure to Accommodate (ADAAA)

 Stereotyping

 Harassment—Unwelcome Conduct

 Quid Pro Quo; Hostile Environment

 Retaliation

(54)

Adverse Action

(Disproportionate Impact)

 Application

 Recruitment

 Interviewing

 Hiring

 Terms and Conditions of Employment such as pay, training, assignment, promotion

(55)

Taking Action

(Procedures)

 Review the Published Procedures

 Earlier better than later

 Resolve at lowest level possible

 Who is responsible: Everyone; Supervisors have a higher level of accountability

 Investigation is to determine violation of policy, not of the law

(56)

External Compliance Agencies

 Washington State Human Rights Commission

 Office for Civil Rights, Region X
