Privacy Tip of the Week

Know the Information Security Rules

West Virginia Executive Branch

Privacy Policy: Security Safeguards

Know the Information Security Rules 

Question:  

Are there rules for keeping personal information safe? 

Answer: 

Everyone has access to lots of personal information (PI).  You have access to PI about citizens.  You know PI about your co-workers.  PI fills our buildings and our computer systems.  Every interaction we have at work involves at least some PI.  Because you have access to PI, you have an obligation to protect that PI.  Understanding our information security rules is an important part of your job!   

The Executive Branch Security Safeguards Policy requires each Department to protect the privacy, confidentiality, integrity and availability of PI.   

* Privacy means that the PI won’t be used for unintended or unauthorized purposes. 

* Confidentiality means that the PI won’t be disclosed to unauthorized individuals.   

* Integrity means that the PI won’t be changed or improperly deleted.   

* Availability means that the PI will be accessible when it’s needed.    

Each Department must think about the ways that the privacy, confidentiality, integrity and availability of PI might be threatened, and then ensure that steps are taken to protect the PI from these threats.  This includes PI in electronic format as well as PI in paper records.  

The West Virginia Office of Technology (WVOT) issues specific security rules.  These rules are designed to protect our computer systems as well as PI.  You must understand all of the rules that apply to your activities.   

The Security Safeguards Policy also describes the steps that must be taken when a security incident occurs.  A security incident is any known successful or unsuccessful attempt by an authorized or unauthorized individual to inappropriately use, disclose, modify, access, or destroy any electronic information.  If sensitive PI is exposed, the Security Safeguards Policy requires additional actions, such as consumer notification.  

Note:  Your agency/bureau/department/division may have specific requirements – always check your policies and procedures.  If you have questions, contact your Privacy Officer.