Presentation is loading. Please wait.

Presentation is loading. Please wait.

Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas.

Published bySolomon Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas."— Presentation transcript:

1 Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas Sheila Ochner, University of Texas

2 Defining the Problem “The first step to recovery is admitting you have a problem.” SSN Users Anonymous

3 Defining the Problem The Social Security Number Where is it? How is it used? What are the institution’s legal obligations and liabilities in protecting it?

4 Introductory Snapshots Current state of SSN usage at University of Illinois University of Kansas University of Texas

5 Legal Requirements? 1974 The Privacy Act (5 U.S.C. 552A) Family Educational Rights & Privacy Act (FERPA) 1986 Electronic Communications Privacy Act (ECPA) 1996 Health Insurance Portability and Accountability Act (HIPAA) 1999 Gramm-Leach-Bliley Act, “Privacy of Consumer Financial Information” 2001 USA Patriot Act Future Legislation At least 9 pending items

6 Plotting your Approach Tactical? Independent tasks you can undertake to remediate SSN usage Strategic? Comprehensive institutional plan

7 Planning to Start Designate responsibility See what other universities are doing Define the SSN business problem Educate the community Gain support of administration Identify uses/need for SSN Define universe of systems to be examined Create an SSN replacement plan

8 When the Worst Happens Real-life examples of SSN exposure Not recommended! But do highlight the need to identify/use SSN alternatives

9 Next Steps Survey applicable law and resulting legal obligations Assess risk/benefit/viability of SSN removal “What would it cost us in dollars and prestige when a judge orders us into compliance on a very short timescale?” Write policy Implement use of disclosure statements Build a representative body Have a plan for responding to complaints

10 Continuous Improvement Google is your friend – use it to search for SSN in your campus domain! Address new problems as they arise Long-term process Risk-benefit analysis Managing expectations Can’t accomplish EVERYthing FIRST

11 Raising Awareness How to do it? Methods/tools to use? Different audiences – different points Univ. systems v. dep’t systems? Start with deans, directors

12 Lessons Learned Cast the net deep & wide to catch all the distributed systems/uses. Wrap yourself in the law. If you are not in compliance, you must change. In an era where identity theft is the #1 consumer crime, SSN usage needs to be understood as a major privacy concern.

13 Contact Information Mike Cornmcorn@uillinois.edumcorn@uillinois.edu Jenny Mehmedovic jmehmedo@ku.edujmehmedo@ku.edu Sheila Ochner s.ochner@its.utexas.edus.ochner@its.utexas.edu

Download ppt "Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Security Professionals Workshop: Legal Issues in Computer and Network Security Peter C. Cassat.

Security Professionals Workshop: Legal Issues in Computer and Network Security Peter C. Cassat.
Web Applications: Get a Grip on Privacy Michael Corn CAMP 2008.

Web Applications: Get a Grip on Privacy Michael Corn CAMP 2008.
E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
HIPAA COMPLIANCE FANTASTIC FOUR CASEY FORD MANINDER SINGH RANGER OLSOM Information Security in Real Business.

HIPAA COMPLIANCE FANTASTIC FOUR CASEY FORD MANINDER SINGH RANGER OLSOM Information Security in Real Business.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 22 Managing Computer Security Risk © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, 2004. This work is the intellectual property.

1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, This work is the intellectual property.

Similar presentations

Ads by Google