This paper explores the problem of using Social Security Numbers (SSNs) as primary identifiers and discusses the legal obligations and liabilities of institutions in protecting them. It highlights the current state of SSN usage at three universities and reviews relevant legislation. The paper proposes tactical and strategic approaches for remediation, including creating an SSN replacement plan and raising awareness. It emphasizes the need for continuous improvement and provides contact information for further inquiries.
Planning for the Elimination of Social Security Numbers as Primary Identifiers
Mike Corn, University of Illinois; Jenny Mehmedovic, University of Kansas; Sheila Ochner, University of Texas
Defining the Problem “The first step to recovery is admitting you have a problem.” SSN Users Anonymous
Defining the Problem • The Social Security Number • Where is it? • How is it used? • What are the institution’s legal obligations and liabilities in protecting it?
Introductory Snapshots • Current state of SSN usage at • University of Illinois • University of Kansas • University of Texas
Legal Requirements?
• 1974: The Privacy Act (5 U.S.C. 552A); Family Educational Rights & Privacy Act (FERPA)
• 1986: Electronic Communications Privacy Act (ECPA)
• 1996: Health Insurance Portability and Accountability Act (HIPAA)
• 1999: Gramm-Leach-Bliley Act, “Privacy of Consumer Financial Information”
• 2001: USA Patriot Act
• Future Legislation: At least 9 pending items
Plotting your Approach • Tactical? Independent tasks you can undertake to remediate SSN usage • Strategic? Comprehensive institutional plan
Planning to Start • Designate responsibility • See what other universities are doing • Define the SSN business problem • Educate the community • Gain support of administration • Identify uses/need for SSN • Define universe of systems to be examined • Create an SSN replacement plan
When the Worst Happens • Real-life examples of SSN exposure • Not recommended! • But do highlight the need to identify/use SSN alternatives
Next Steps • Survey applicable law and resulting legal obligations • Assess risk/benefit/viability of SSN removal • “What would it cost us in dollars and prestige when a judge orders us into compliance on a very short timescale?” • Write policy • Implement use of disclosure statements • Build a representative body • Have a plan for responding to complaints
Continuous Improvement • Google is your friend – use it to search for SSN in your campus domain! • Address new problems as they arise • Long-term process • Risk-benefit analysis • Managing expectations • Can’t accomplish EVERYthing FIRST
Raising Awareness • How to do it? Methods/tools to use? • Different audiences – different points • Univ. systems v. dep’t systems? • Start with deans, directors
Lessons Learned • Cast the net deep & wide to catch all the distributed systems/uses. • Wrap yourself in the law. If you are not in compliance, you must change. • In an era where identity theft is the #1 consumer crime, SSN usage needs to be understood as a major privacy concern.
Contact Information • Mike Corn mcorn@uillinois.edu • Jenny Mehmedovic jmehmedo@ku.edu • Sheila Ochner s.ochner@its.utexas.edu