|
A computer with over 1,400,000 Social Security numbers
and medical histories was recently hacked at the University
of California at Berkeley. The information was stored on a
computer used by a visiting scholar who was conducting
research. This is yet another event in a series of
inadvertent disclosures of personal information incidents
that have been reported all across the country.
As you know from previous announcements on this topic,
Temple University takes very seriously its obligation to
safeguard the personal information of its students,
employees, and patients.
The Office of the President and the Office of the Vice
President for Computing and Information Services have issued
a new policy and related procedures to control the use of
Social Security numbers at Temple University. All Temple
employees who use computers or computer systems should
carefully review these documents which are now available on
Temple's Web site at:
- Social Security Number Usage Policy
http://policies.temple.edu/getdoc.asp?policy_no=04.75.11
- Social Security Number Usage Procedure
http://policies.temple.edu/getdoc.asp?policy_no=04.75.12
The Social Security Number Usage Procedure clearly states
that Social Security numbers "may only be collected,
maintained, and used as required by law or as required by
practical necessity as approved by (i) the cognizant vice
president or Provost and (ii) the Vice President for
Computer and Information Services." The procedure includes a
List of Approved Uses of Social Security Numbers as Exhibit
B.
To further address this issue, the University has initiated
a major project that will eliminate the use of the Social
Security number as the primary identifier in all University
computer systems. A new identifier, known as the TUid, will
be a nine-digit number that is neither based on nor related
to the individual's Social Security number.
In order to convert all computer uses of Social Security
numbers to the new TUid, we must first identify the
computers and systems that store Social Security numbers.
Earlier this year, Computer Services surveyed most of the
departmental users of Social Security numbers. We are now
asking that all faculty and staff perform the following
evaluation:
1. Review the University's new policy and procedure on
Social Security number usage.
2. Perform a thorough inspection of your personal computer
to check for the presence of Social Security numbers.
3. If you find Social Security numbers stored on your system
and you do not need them, please remove them immediately.
4. If you find Social Security numbers stored on your system
and you believe that your usage of Social Security numbers
is necessary, we ask that you notify us by simply replying
to this message. Enter your response below and SEND the
completed response to
ssn2tuid@temple.edu.
-----------------------------------------------------------------------------
RESPONSE: Yes, I have a need to store or use Social Security
numbers on my computer(s) for the following purpose: (Enter
your response here . . .)
-----------------------------------------------------------------------------
Please reply as soon as possible but no later than
Wednesday, November 24, 2004. If you are unsure about
whether your use of Social Security numbers is appropriate,
or if you have other questions about this issue, please call
the Computer Services Help Desk at extension 1-8000.
Thank you in advance for your cooperation.
Ariel Silverstone
Chief Information Security Officer
|
