Secure U
   

Cyber Security

Published: 11/02/07
Developing Best Practices to Protect Student Social Security Numbers
From "5 Ways Sloppy Campuses Can Clean Out Personal Data" by: Brock Read, Chronicle of Higher Education
At least 30 states now prohibit colleges from using Social Security numbers and other personal data to identify students and staff, and colleges are being advised by IT experts to be proactive in cleaning up their networks. IT officials from several U.S. campuses have offered best practices to accomplish this. Among the recommendations is the scanning of entire networks for Social Security numbers, both those of existing students and alumni, using a variety of scanning tools that are available today. One such is Spider, an open-source tool used by the University of Colorado at Boulder and designed by technicians working under Cornell University Office of Information Technologies head Steven Schuster for computers running Windows, Linux, and Mac OS X. The tool sifts through computers or files for Social Security numbers and other digit-based personal information like driver's license and credit card numbers.

Once identified, universities should determine if any of the sensitive data is needed—for example, for tax purposes-and replace the sensitive numbers that are not needed with random identification numbers. The replacement process can be automated using simple tools like one developed at the University of Pennsylvania (Penn) to accomplish the task. Access to the sensitive data that remains on computers should be strictly limited. Boston College accomplishes this by requiring employees to have written authorization from the school's vice president before access to Social Security numbers is granted. At Penn and Cornell, staff members and professors are asked to burn data they may need onto DVDs and lock those discs away when not in use. Professors are also asked to check their personal computers for sensitive data that may not be necessary and to eliminate this information or convert it to the random numbers assigned to students.

The IT experts remind colleges that the process requires perseverance. "Protecting confidential data is a never-ending task," says Lauren B. Steinfeld, Penn's chief privacy officer. "It is not a project that has an end date." David Escalante, director of IT security and policy at Boston College, adds, "It's relatively easy to say 'We should fix all this,' and then get really daunted when you look into the complexity of the thing… The big thing is not to give up."

Read more >
A Century of Excellence in Higher Education
American Association of Collegiate Registrars and Admissions Officers
One Dupont Circle, NW, Suite 520, Washington, DC 20036 (202) 293-9161
To unsubscribe, visit lists.aacrao.org/unsubscribe/
  
A Review of Online and On-Campus Security News
AACRAO

Abstract News © 2007 Information, Inc. All rights reserved. No parts of this site may be reproduced in any form including information storage and retrieval systems without prior written permission.