SSN Elimination Program
General November 15th, 2007
The CIO’s office and CITES Security are cracking down and have started a witch hunt to document (and in most cases, remove/eliminate) files with user sensitive data on them. The use of a university generated ID number is only a few years old — previous data used social security numbers as student identifiers and so it’s possible that professors have old spreadsheets with SSNs tucked away somewhere on their desktops that probably could be deleted (or archived securely.) The mentality is that if the data isn’t out there, it can’t get stolen or mis-used.
This is, of course, in response to the heightened sensitivity to identity theft and institutions mishandling/losing user data — and more so the newer pressures on notification and remediation that go with those kinds of information disclosure events. “Lose” SSN data and you need to tell the governor within 7 days, the Department of Education (national, not campus) starts calling the university president asking about it, etc. Unpleasant stuff. Worse than not getting your ethics training done.
But they’ve decided to call the program the SSN elimination program which always makes me think first about a different kind of elimination, and most notably the diaper free kind.
Tags: security
About
