
There’s Safety in Numbers!

Temple University. Timothy O’Rourke, Vice President, Computer & Information Services. Barbara Dolhansky, Associate Vice President, Computer & Information Services.

iain

Presentation Transcript


  1. There’s Safety in Numbers! Temple University Timothy O’Rourke Vice President, Computer & Information Services Barbara Dolhansky Associate Vice President, Computer & Information Services

  2. The Hard Facts! • Identity theft is the fastest growing crime in America; 9.9 MILLION victims were reported last year, according to a Federal Trade Commission survey! • 4/11/06 Specialty retailer Ross-Simons said a security breach detected earlier this month compromised personal information on 32,000 customers who applied for store credit cards from October 2004, when the cards were first issued, to April 4, when the problem was verified. A Ross-Simons spokesman said the data that was accessed was similar to the information on any credit application, including Social Security numbers. (Associated Press Newswires, April 13, 2006) • 4/20/06 Boeing is notifying 3,600 current and former employees that their names, Social Security numbers and in some cases, addresses and phone numbers, may have been compromised after a laptop was stolen several days ago. The laptop was grabbed from a Boeing human-resources employee at an airport, said company spokesman Tim Neale. (The Seattle Times, April 21,)

  3. The Hard Facts! • 4/29/06 A Union Pacific employee’s personal computer, which contained a report with the names, Social Security numbers and birth dates of 30,000 employees at Union Pacific, was stolen Saturday, April 29. (Union Pacific Statement, May 8, 2006) • 5/25/06 VyStar Credit Union announced Thursday that hackers stole VyStar members’ personal account information. 34,000 customer accounts were affected. The pilfered information includes names, addresses, Social Security numbers, birth dates, mothers’ maiden names and e-mail addresses. (The Florida Times-Union, May 27, 2006) • 7/2006 A laptop computer containing personal information of more than 133,000 Floridians was stolen in late July from a government SUV parked in front of a popular Doral cafeteria, the U.S. Department of Transportation announced Wednesday. There is no evidence that the data have been used illegally, DOT officials stressed Wednesday in Washington and Miami. (The Miami Herald, August 10, 2006)

  4. The Hard Facts! • 2006 Disclosures of U.S. Data Incidents • At least 148 incidents have been disclosed, potentially affecting nearly 9.3 million individuals • 30% of disclosures involve educational institutions; 30%, governmental or military agencies; 18%, general business; 11%, health care facilities or companies; and 11%, banking, credit or financial services entities. • Since January 2006 at least 845,000 people have had sensitive information jeopardized in 29 security failures at colleges • We store similar personal information as a bank and we’re easier prey than a bank! • Most states enacting legislation penalizing the failure to adequately protect an individual’s privacy!

  5. PA Senate Bill 712 • Breach of Personal Information Notification Act • Enacted June 20, 2006 by the PA legislature • Provide notice (written, telephone or substitute) to individuals in the event of a security breach of personal information • First name & last name linked with: • SSN • Driver’s license number or state ID card • Financial account number, debit or credit card number, in combination with security code to access account information • Not just about electronic data! Paper files are also included in the law.

  6. Who are We? • Based in Philadelphia, Temple is one of Pennsylvania’s three public research Universities, along with Pitt & Penn State • The University has over 35,000 students, 16,000 annual W-2’s issued, and over 230,000 alumni • 26th largest University in the United States • 6th largest provider of professional education in the country • 17 schools and colleges including schools in Law, Medicine, Pharmacy, Podiatry, & Dentistry and campuses in Tokyo, Japan, & Rome, Italy • $90 million Physicians Practice Plan • Total operating budget of $900 million • Temple Health System (a wholly owned subsidiary of the University) is a $1 billion operation made up of 13 separate corporate entities and has over 5,000 employees. The University runs the HR system for the Health System.

  7. Our Goals! • Protect the personal data of our students, faculty, administrators, and alumni • Increase our confidence that the personal data is adequately protected • Educate / improve awareness among Temple community as to the importance of confidentiality and the personal protection of their data • Keep us out of the newspapers!

  8. Our Challenges! • Many old legacy systems employed SSN as key • Student, HR, Finance • SS# key to all of our systems • Almost 1,000,000 unique SSNs in these systems • Over 25 centrally maintained ancillary systems using SSN as key • Complex web of “shadow systems” and an unknown number of Access databases and spreadsheets throughout departments • Limited resources and many other priority initiatives • Delay of ERP deployment • Passed policy in September 2004, with a hard deadline of September 30, 2005

  9. The Project Barbara Dolhansky

  10. True Confessions / Things Not to Do • Don’t enlist five computing students to perform code changes…… • Don’t forget your school mascot…… • Don’t expect alumni to donate money to the cause……. • Don’t forget to have a conversion concierge…….

  11. Important >>>> It’s a Big Project! >>>>PLAN 13,000 HOURS!!!

  12. Timeline

  13. Our Clever Nine Digit Unique Identifier: “The TUid” • First digit set to “9” and the last digit is a check digit. • Sequentially assigned from one database – automatically updates two legacy systems. • Purchased NameSearch from IntelligentSearch to assist with record matching. • One number assigned to an individual – used across the entire institution. • Stored in systems that may have separate ID.

  14. Policy: The use of the Social Security number as a primary identifier for Temple-Related Individuals shall be avoided, except as required by law or as required by practical necessity as approved by the President or other designated University officers. The Vice President for Computer and Information Services shall develop and implement procedures for ensuring compliance. Compliance Date – September 30, 2005 ** Separate SSN procedures define guidelines for SSN handling

  15. Components of SSN Procedures • Primary Identifier Guidelines for collecting and storing • List of Approved Uses of Social Security Numbers • University Forms Guidelines • Guidelines for Computer and Information Systems • Encryption • Display of SSN • List of Social Security Number Safeguards

  16. User Approvals Required • Social Security Number Usage Request Form • System requires storage of SSN • Must be encrypted • Access to Social Security Number Approval Form • Individuals viewing / updating SSN Required, promotes compliance and is audited by Internal Audits.

  17. Extensive Training • New Data Entry and Search Screens • Human Resource System • Student System • Mandatory • Conducted 6 weeks prior to conversion • Adding and Searching for Individuals • Name, TUid or SSN, Birth Date, Address • Authentication Procedures • “What’s your SSN.”

  18. Conversion

  19. Re-carding

  20. OWLcard • Temple ID Card • Diamond Dollars • Building access • Parking privileges • Library privileges • Printing privileges • Display TUid on Front • Hologram

  21. Card Design • Publications / Office of University Communications • Presented Executive Committee – 2 Choices • What is printed? Display TUid? • President – Final Choice • Verbiage on Reverse – University Counsel • Health System Designs (JCAHO standards)

  22. Card Distribution • 24,000 Returning Student IDs produced • 10,000 New Students • 7,400 University Employee IDs • 7,500 Health System Employee IDs

  23. Card Distribution - Employees • Cards Distributed to Dean & Vice Presidential Offices • Employees must sign for receipt of card • Signed receipt forms & unclaimed cards returned to Human Resources • OWLcards cannot be mailed • Returned OWLcards shredded

  24. Card Distribution - Students • Multiple distribution points – card office, large hall, campuses • Students must swipe cards after pickup • OWLcards cannot be mailed • Professional Schools & Ancillary Campuses – return unclaimed cards to Central Office • Unclaimed cards shredded

  25. Why I Still Have My Job / Lessons Learned! • Engage support of Senior Management / an essential ingredient • Tell everyone what you’re doing / communicate and publicize • Seek input from those affected / involve the community • Learn from others’ mistakes / talk to other Universities/Colleges • Create detailed conversion test plan / down to the hour! • Develop a roll back plan / mistakes do occur • Change project team members if necessary

  26. More Lessons Learned • Look for the “hidden systems” / spreadsheets and files are systems • Include programmers on Shadow System Team • Allow plenty of lead time for ID card vendor selection & processing • Help departments with their conversion process • Maintain “on demand” support during implementation • Send friendly reminder e-mails to the entire community

  27. Lingering Pains • Issuing multiple TUid’s to one person • Dealing with alumni who do not know TUid • Cleaning historic data • SSN and personal info remaining on laptops and workstations • Non-supported vendor-provided systems that could not be converted • Shadow systems and non-central servers

  28. There’s Safety in Numbers… http://ssn2tuid.temple.edu Questions?
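
Slide 13 describes the TUid as nine digits with a leading "9", a sequentially assigned number and a trailing check digit, and slides 26 and 27 list leftover SSNs in shadow systems as a lingering problem. The sketch below is an added example, not Temple's code: the slides do not name the check-digit algorithm, so Luhn is assumed, and the function names and the 7-digit sequence field are illustrative.

```python
import re

def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for a string of decimal digits (assumed scheme)."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10

def make_tuid(sequence: int) -> str:
    """Build '9' + 7-digit sequence number + check digit."""
    if not 0 <= sequence <= 9_999_999:
        raise ValueError("sequence number must fit in 7 digits")
    payload = f"9{sequence:07d}"
    return payload + str(luhn_check_digit(payload))

def is_valid_tuid(value: str) -> bool:
    """True only for nine ASCII digits, leading 9, correct check digit."""
    if not re.fullmatch(r"9[0-9]{8}", value):
        return False
    return luhn_check_digit(value[:-1]) == int(value[-1])

def classify(value: str) -> str:
    """Triage a field found while cleaning a legacy or shadow system."""
    digits = re.sub(r"[-\s]", "", value)
    if not re.fullmatch(r"[0-9]{9}", digits):
        return "not-an-id"
    if is_valid_tuid(digits):
        return "tuid"
    if digits[0] == "9":
        # SSNs are not issued with a leading 9, so this is a mistyped
        # TUid or some other 9xx number (ITINs also start with 9).
        return "invalid-tuid"
    return "possible-ssn"  # flag for review, encryption or removal

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    for sample in ["900000019", "900000018", "123-45-6789", "n/a"]:
        print(sample, "->", classify(sample))
```

The check digit catches single-digit typos and most adjacent transpositions at data entry, and the leading "9" lets a scan of old spreadsheets separate new identifiers from nine-digit values that still need to be treated as SSNs.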
