Update on Privacy Issues Related to Social Security Numbers

In 2002, we wrote to the Penn community about the importance of protecting personal privacy at Penn and asked for help in addressing one specific privacy risk--the unnecessary use and display of Social Security numbers (SSNs). As we recognized then, SSNs are often necessary as a way to identify individuals uniquely and to fulfill legal requirements; however, SSNs can also be used to commit identity theft, which causes considerable harm to its victims. The Federal Trade Commission recently reported that victims of identity theft suffer losses of $4,800 on average and spend 30 hours on average to address the problems the theft has created. Also, as recent press reports have shown, hackers have targeted information systems at colleges and universities, including those containing personal information such as SSNs.

We are gratified to report that there has been an enormous effort at Penn to change business processes, forms, and information systems, to reduce the availability of SSNs and thus to better protect the Penn community. We have seen changes in the Penn's Way campaign, in the tuition reimbursement program, in the way student grades are posted, and in forms used by many schools, as well as in other areas.

Today, we extend our efforts by announcing two new programs and again asking the Penn community to assist in further reducing identity theft risk. The first new program is the establishment of privacy liaisons in Penn's Schools and centers. These privacy liaisons serve as points of contact for privacy questions or concerns in their School or center. The privacy liaisons will also be working to raise privacy awareness and to apply risk reduction strategies. Second, we are establishing a more detailed SSN Action Plan for use by the privacy liaisons and by other members of the Penn community who can assist in our joint effort. 

The SSN Action Plan and the list of Privacy Liaisons are below.

--Peter Conn, Deputy Provost
--Rick Whitfield, Vice President for Audit & Compliance

Action Plan Regarding the Privacy of Social Security Numbers

Penn is actively phasing out the use of SSNs in student, personnel, and other records whenever possible. Schools and centers should review and apply the steps outlined below periodically to minimize identity theft risks to our community, without unduly compromising Penn's mission of providing superior education, research, and service. This plan and all of the documents referenced in it are available at www.upenn.edu/privacy.

The charge to the privacy liaisons is to coordinate implementation of the following: 

Awareness Regarding Privacy Issues and SSNs

1. Review Penn's privacy-related awareness tools, such as Focus on Privacy:  Questions and Answers about the Privacy of Student Records, Penn's Statement of Goals Regarding Social Security Numbers, and this Action Plan, and use such tools to raise awareness with appropriate audiences. More specifically, identify people in your unit who have access to personal information and provide them with relevant written guidance. In addition, to request in-person training sessions, contact the University's Chief Privacy Officer at privacy@pobox.upenn.edu.

Social Security Numbers in Information Systems

2. Evaluate local information systems to determine where SSNs are collected by your unit, including extracts from central systems.  Analyze whether there is a need for such SSNs or whether PennIDs could be used in their place. Information Systems and Computing's Office of Data Administration, (215) 898-2173, is available as a resource to assist in such conversion.  Further, a survey tool will be distributed in the coming weeks to help identify and evaluate SSN risks in information systems.

3. Where there is a sufficient need to collect and maintain SSNs:

a. Ensure that you adhere to Penn's Critical Host Policy by registering machines holding SSNs and applying the strong security standards set forth in that policy.

b. Where possible, configure systems to allow searches via name, PennID, or other criteria instead of SSN.

c. Mask the first five (5) digits of the SSN where possible so that only the last four (4) digits are visible. 

4. Avoid using the SSN as the ID or password for access to information systems where possible.
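
An added example, not part of Penn's Action Plan or any Penn tool: one way to carry out steps 2 and 3c on a local extract, by finding which columns hold SSN-shaped values and masking all but the last four digits. The CSV layout, column names, and sample values are constructed for illustration.

```python
import csv
import io
import re

# Nine digits written AAA-GG-SSSS, AAA GG SSSS or AAAGGSSSS (same separator twice).
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

# Constructed sample extract; column names and every value are made up.
SAMPLE_EXTRACT = """penn_id,name,tax_id,notes
10000001,A. Student,123-45-6789,paid
10000002,B. Student,987654321,SSN on file 321 54 9876
10000003,C. Student,,order 000-12-3456
"""

def is_plausible_ssn(area, group, serial):
    """The SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def mask_ssns(text):
    """Step 3c: hide the first five digits of each plausible SSN, keep the last four."""
    def repl(m):
        area, sep, group, serial = m.groups()
        if not is_plausible_ssn(area, group, serial):
            return m.group(0)  # order numbers and similar stay readable
        return f"XXX{sep}XX{sep}{serial}"
    return SSN_RE.sub(repl, text)

def survey_extract(csv_text):
    """Step 2: count, per column, the cells that hold at least one plausible SSN."""
    counts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col, cell in row.items():
            if any(is_plausible_ssn(m[1], m[3], m[4])
                   for m in SSN_RE.finditer(cell or "")):
                counts[col] = counts.get(col, 0) + 1
    return counts

if __name__ == "__main__":
    print(survey_extract(SAMPLE_EXTRACT))
    print(mask_ssns("SSN on file 321 54 9876"))
```

The pattern flags any structurally valid nine-digit value, so the per-column counts are candidates for review rather than confirmed SSNs; free-text columns such as notes are where unexpected copies tend to surface.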

Social Security Numbers in Paper Documents

5. Review forms created and/or used by your unit to determine if SSNs are requested. Where there is a need to collect a unique identifier, evaluate whether PennIDs can be requested in place of SSNs. If PennIDs cannot be effectively used, consider whether the forms can request only the last four digits of an individual's SSN. 

6. Assess whether paper files containing SSNs are being stored unnecessarily and are appropriate for destruction under Penn's Guidelines for the Destruction of Confidential Records. A Summary of Records Destruction Guidelines can assist in this activity. 

7. Where it is necessary to maintain SSNs in hard copy, keep such documents secure from unauthorized access by using locked cabinets or implementing other mechanisms to restrict unauthorized physical access. 

Social Security Numbers and Personnel Designations

8. Review operational practices to restrict SSN access to only those individuals with a need to know such information for legitimate Penn activities. Consider whether it is necessary to give temporary workers access to personal information.

Social Security Numbers and Third Parties

9. In negotiating agreements with vendors, evaluate what identification system the vendor is using and analyze the feasibility of using a system other than one based on SSNs. 

10. In signing agreements with vendors, include language, working with the Office of General Counsel, that eliminates or limits use and disclosure of SSNs and, as applicable, provides for confidential treatment of SSNs.

Privacy Liaisons in Schools and Centers
(for updates see www.upenn.edu/privacy/resources.htm)

School/Center  Contact  Email Address
Office of Audit & Compliance / Chief Privacy Officer  Lauren Steinfeld  laurenst@pobox.upenn.edu
Office of the Provost  Anita Gelburd  gelburda@pobox.upenn.edu
Annenberg School for Communication  Donna Burdumy  dburdumy@asc.upenn.edu
Business Services  Rhea Lewis  rnl@pobox.upenn.edu
Development and Alumni Relations  Sam Lundquist  samlund@dev.upenn.edu
Graduate School of Education  Janet Plantan  janetp@gse.upenn.edu
Human Resources  Chris Blickley  blickley@hr.upenn.edu
Information Systems and Computing  Jeanne Curtis  curtis@isc.upenn.edu
Law School  JoAnn Verrier  jverrier@law.upenn.edu
Office of Finance and Treasurer  Lucy Momjian  momjian@pobox.upenn.edu
Office of Government, Community & Public Affairs  Carol deFries  defries@pobox.upenn.edu
Office of the President  Ellen Morawetz  morawetz@pobox.upenn.edu
Office of the University Registrar  Ron Sanders  sanders@sfs.upenn.edu
Office of the Vice President and General Counsel  Aliza Schwartzman  aliza.schwartzman@ogc.upenn.edu
Office of the Vice Provost for University Life  Leah Smith  leahsmit@pobox.upenn.edu
Public Safety  Patricia Brennan  brennan3@pobox.upenn.edu
School of Arts and Sciences  Ramin Sedehi  sedehi@falcon.sas.upenn.edu
School of Dental Medicine  Dan Shapiro  shapiro@dental.upenn.edu
School of Design  Ira Winston  ira@cis.upenn.edu
School of Engineering and Applied Science  Helen Anderson  anderson@seas.upenn.edu
School of Medicine  Mary Alice Annecharico  mannecha@mail.med.upenn.edu
School of Nursing  Christina Costanzo Clark  costanzo@nursing.upenn.edu
School of Social Work  Raynel Otero  oteror@ssw.upenn.edu
School of Veterinary Medicine  Karen Fishman  kfishman@vet.upenn.edu
Student Financial Services  Frank Claus  claus@sfs.upenn.edu
Wharton School  Deirdre Woods  woods@wharton.upenn.edu

 

 


  Almanac, Vol. 50, No. 34, May 25, 2004
