Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas.

Presentation transcript:

Planning for the Elimination of Social Security Numbers as Primary Identifiers Mike Corn, University of Illinois Jenny Mehmedovic, University of Kansas Sheila Ochner, University of Texas

Defining the Problem “The first step to recovery is admitting you have a problem.” SSN Users Anonymous

Defining the Problem
The Social Security Number
- Where is it?
- How is it used?
- What are the institution’s legal obligations and liabilities in protecting it?

Introductory Snapshots
Current state of SSN usage at
- University of Illinois
- University of Kansas
- University of Texas

Legal Requirements?
- 1974 The Privacy Act (5 U.S.C. 552A)
- Family Educational Rights & Privacy Act (FERPA)
- 1986 Electronic Communications Privacy Act (ECPA)
- 1996 Health Insurance Portability and Accountability Act (HIPAA)
- 1999 Gramm-Leach-Bliley Act, “Privacy of Consumer Financial Information”
- 2001 USA Patriot Act
- Future Legislation: At least 9 pending items

Plotting your Approach
- Tactical? Independent tasks you can undertake to remediate SSN usage
- Strategic? Comprehensive institutional plan

Planning to Start
- Designate responsibility
- See what other universities are doing
- Define the SSN business problem
- Educate the community
- Gain support of administration
- Identify uses/need for SSN
- Define universe of systems to be examined
- Create an SSN replacement plan

When the Worst Happens
- Real-life examples of SSN exposure
- Not recommended!
- But do highlight the need to identify/use SSN alternatives

Next Steps
- Survey applicable law and resulting legal obligations
- Assess risk/benefit/viability of SSN removal
  “What would it cost us in dollars and prestige when a judge orders us into compliance on a very short timescale?”
- Write policy
- Implement use of disclosure statements
- Build a representative body
- Have a plan for responding to complaints

Continuous Improvement
- Google is your friend – use it to search for SSN in your campus domain!
- Address new problems as they arise
- Long-term process
- Risk-benefit analysis
- Managing expectations
- Can’t accomplish EVERYthing FIRST

Raising Awareness
- How to do it?
- Methods/tools to use?
- Different audiences – different points
- Univ. systems v. dep’t systems?
- Start with deans, directors

Lessons Learned
- Cast the net deep & wide to catch all the distributed systems/uses.
- Wrap yourself in the law.
- If you are not in compliance, you must change.
- In an era where identity theft is the #1 consumer crime, SSN usage needs to be understood as a major privacy concern.

Contact Information Mike Jenny Mehmedovic Sheila Ochner