In 2000, the University adopted a sweeping policy that addressed the use and handling of Social Security numbers (SSNs). This policy calls for a significant reduction or elimination of SSNs in campus and University systems and business processes. Instrumental in implementing this policy was the use of the University Identification Number (UIN) in Banner as the key person identification number in place of the SSN. This has resulted in a significant reduction of the use of the SSN throughout campus systems and processes. While the SSN is still used more frequently than is desirable, the risk brought to the institution through unwanted SSN disclosures has shifted from central data systems to historical files and documents maintained by faculty and staff within units.
In working with units to mitigate the consequences of compromised or 'hacked' workstations, the Security Office has come to understand that tens of thousands of historical files, often containing SSNs as well as other sensitive information such as credit card numbers or grades, exist on faculty and staff workstations throughout the campus. These files are typically stored on individual workstations rather than securely-maintained file stores. Even more problematic, faculty and staff are often unaware or have forgotten that these files containing sensitive data exist on their workstations.
Regulation and Risk
Recent regulatory changes at the State level now require the University to notify an individual when their personal information, particularly a SSN, has been unintentionally released. Guidelines for compliance with these regulations have been assembled and distributed to the Chancellor's senior staff, campus business managers and technical professionals (http://www.cio.illinois.edu/pipa). At present, we estimate the cost to the institution in both real dollars and staff time at approximately $75 per released SSN. Additionally, after observing other institutions' recent experiences (e.g., UCLA releasing approximately 800,000 SSNs), it is clear that the cost to the campus's reputation from a major release is significant.
SSN Elimination Program Description
While the migration from SSN to UIN as the primary person identifier within Banner has greatly reduced the spread of SSNs across campus, there is simply no elegant technological solution for identifying historical working documents that contain SSNs or credit card numbers. Consequently, all faculty and staff are being asked to execute a search for legacy documents that contain these data. To assist in this admittedly exhausting effort, we are providing a simple-to-use software program that very quickly and unobtrusively scans Windows-based personal computers for such files. A similar program has been created for more recent versions of Apple's OS X.
In general, the instructions for this program are as follows:
Departments and Colleges (full instructions)
Deans and Department Heads are encouraged to send the pre-drafted message, or its equivalent, to all faculty and staff within their unit. Faculty and staff will have until January 14 to complete the scanning of their workstations and laptops. Units will then be given one month (until February 14) to complete an internal review of the completeness of compliance and to finish the remaining stages of the program. A compliance form with the Unit Head's signature will be due to the CITES Security Office (at the address below) no later than Friday, March 14, 2008.
In addition to ensuring that all faculty and staff have executed a scan or search for SSNs in legacy systems and documents on their workstations and laptops, the unit will be required to
- create and maintain a list of individuals for whom permission has been granted to access and work with Social Security numbers; and
- create a list of existing electronic systems that store SSNs and either develop a firm plan for the elimination of SSNs from these systems or obtain special permission from the campus Social Security number coordinator to retain said system.
Faculty and Staff (go to complete directions)
Complete directions for faculty and staff have been drafted and are available at Instructions for Faculty and Staff. Briefly, you are being asked to review electronic files stored on your workstation and delete those that contain SSNs or credit card numbers. If files containing SSNs or credit card numbers are official University records, you may archive them securely and manage them as an alternative to deleting them. Two tools have been developed that will assist you in tracking down files containing this information. Please note, however, that these tools are not infallible: pattern-based scanners miss numbers written in unexpected formats and flag unrelated numbers that happen to look like an SSN. In addition to using the tools, you are still obligated to make a best effort to track down and eliminate suspect files.
IT Professionals (full instructions)
IT Professionals in units will be expected to execute Firefly or equivalent mechanisms on multi-user network file systems. Information for IT Professionals can be found on the CITES Wiki at the above URL.
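The following is an added example of the kind of scan the faculty/staff and IT Professional sections above describe. It is illustrative code written for this page, not Firefly or either of the campus tools, and it makes two assumptions: SSN-shaped values are recognised using the structural rules the Social Security Administration publishes (area not 000, 666 or 900-999; group not 00; serial not 0000), and card-shaped values are accepted only if they pass the Luhn check. The sample files, including the 9-digit UIN-like value, are constructed for the demonstration; whether a real UIN would trip the SSN pattern depends on its format, which this page does not state.

```python
"""Scan a directory tree for SSN- and credit-card-shaped data.

Added example for this page; not the campus Firefly tool.
Assumptions: SSA structural rules for SSNs, Luhn for card numbers.
"""
import re
import tempfile
from pathlib import Path

# SSN: AAA-GG-SSSS. Separators are optional but must be consistent (the
# backreference \1 stops "4111-1111-..." from yielding a bogus "4111-11-1111").
# Area 000/666/9xx, group 00 and serial 0000 are never issued (SSA rule).
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}(?!\d)"
)
# Card-shaped: 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Never write the full value into a report; keep only the last four."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text):
    """Return [(kind, masked_value, offset), ...] sorted by position."""
    findings = []
    card_spans = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[- ]", "", m.group())
        if luhn_ok(digits):               # drops reference numbers that merely look like cards
            findings.append(("card", mask(digits), m.start()))
            card_spans.append((m.start(), m.end()))
    for m in SSN_RE.finditer(text):
        # An SSN-shaped run inside an already-matched card number is the card, not an SSN.
        if any(s <= m.start() and m.end() <= e for s, e in card_spans):
            continue
        findings.append(("ssn", mask(re.sub(r"[- ]", "", m.group())), m.start()))
    return sorted(findings, key=lambda f: f[2])


def scan_tree(root):
    """Walk a directory and report (filename, kind, masked_value) per hit.

    Files are read as text with undecodable bytes ignored, so binary office
    formats are only partly covered; a production tool parses those formats.
    """
    report = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for kind, masked, _offset in scan_text(text):
            report.append((path.name, kind, masked))
    return report


# Constructed sample files (not real data). 650123456 is a made-up 9-digit
# identifier that the SSN pattern cannot distinguish from an unformatted SSN;
# 123.45.6789 is an SSN in a format the pattern does not recognise.
SAMPLE_FILES = {
    "grades_2003.txt": "Doe, Jane  123-45-6789  A-\nRoe, Rick  456-78-9012  B+\n",
    "travel_receipt.txt": "Paid with card 4111 1111 1111 1111 exp 05/09\nRef 4111111111111112\n",
    "roster.txt": "Student UIN 650123456 (not an SSN)\nPhone 217-333-1000\n",
    "notes.txt": "ssn written as 123.45.6789 will be missed\n",
}


def demo():
    """Write the samples to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_FILES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for filename, kind, masked in demo():
        print(f"{filename}: possible {kind} {masked}")
```

Running it reports the two SSNs in the grade file, the Luhn-valid card number in the receipt (the invalid reference number is dropped), and the 9-digit UIN-like value in the roster as a possible SSN, while the dotted SSN in the notes file goes unreported. That last pair is the point of the caveat above: a scanner of this kind gives a unit a prioritised list to review, not proof that a workstation is clean.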
Submission of Information and Compliance
The final signed forms should be sent via campus mail no later than March 14, 2008 to:
c/o Security Office
1506 Digital Computer Lab