Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University...
13
Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas Sheila Ochner, University of Texas
-
Upload
solomon-melton -
Category
Documents
-
view
212 -
download
0
Transcript of Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University...
Planning for the Elimination of Social Security Numbers as Primary Identifiers
Mike Corn, University of Illinois
Jenny Mehmedovic, University of Kansas
Sheila Ochner, University of Texas
Defining the Problem
“The first step to recovery is admitting you have a problem.”
SSN Users Anonymous
Defining the Problem
The Social Security NumberWhere is it?How is it used?What are the institution’s legal obligations
and liabilities in protecting it?
Introductory Snapshots
Current state of SSN usage at University of IllinoisUniversity of KansasUniversity of Texas
Legal Requirements?1974 The Privacy Act (5 U.S.C. 552A) Family Educational Rights & Privacy Act (FERPA)
1986 Electronic Communications Privacy Act (ECPA)
1996 Health Insurance Portability and Accountability Act (HIPAA)
1999 Gramm-Leach-Bliley Act, “Privacy of Consumer Financial Information”
2001 USA Patriot Act
Future Legislation At least 9 pending items
Plotting your Approach
Tactical? Independent tasks you can undertake to
remediate SSN usage
Strategic?Comprehensive institutional plan
Planning to Start
Designate responsibility
See what other universities are doing
Define the SSN business problem Educate the community Gain support of administration
Identify uses/need for SSN
Define universe of systems to be examined
Create an SSN replacement plan
When the Worst Happens
Real-life examples of SSN exposureNot recommended!But do highlight the need to identify/use
SSN alternatives
Next Steps
Survey applicable law and resulting legal obligationsAssess risk/benefit/viability of SSN removal “What would it cost us in dollars and prestige
when a judge orders us into compliance on a very short timescale?”
Write policyImplement use of disclosure statementsBuild a representative bodyHave a plan for responding to complaints
Continuous Improvement
Google is your friend – use it to search for SSN in your campus domain!
Address new problems as they arise
Long-term processRisk-benefit analysis Managing expectationsCan’t accomplish EVERYthing FIRST
Raising Awareness
How to do it? Methods/tools to use?
Different audiences – different points
Univ. systems v. dep’t systems?Start with deans, directors
Lessons Learned
Cast the net deep & wide to catch all the distributed systems/uses.Wrap yourself in the law. If you are not in compliance, you must change.In an era where identity theft is the #1 consumer crime, SSN usage needs to be understood as a major privacy concern.
Contact Information
Mike Corn [email protected]
Jenny Mehmedovic [email protected]
Sheila Ochner [email protected]
