Main Nav

Dear Friends and Colleagues: We are a Datatel shop ( born 1984). Our security access needs a 100% overhaul and we are not yet in a position to begin it. The question I have is about fields that are purposefully hidden from Datatel users (not faculty or students but administrators entering data into the system.) 1. I assume SSN should be hidden or masked from nearly all users. 2. Similarly, things like salaries are secured and limited. 3. What about date of birth and home addresses? We have an administrative user who insists DOB should be hidden. Any thoughts about this? My concern is that we are beginning a major "re-migration" to a clean (non-customized) version of Colleague. All of my staff are working on projects with this long term goal in mind. I am trying to minimize the temporary (but intensive) programming efforts requested to support the current (old) code. Is hiding and securing DOB critical? Are there legal concerns like with SSNs? Along these same lines, does anyone have an agreement they ask Colleague data entry staff to sign which clarifies their responsibility for handling confidential data? Thanks in advance for your insights. Enjoy your weekends! Best, Carol _________ Carol Katzman Vice President for Information Technology Barnard College Sent from my iPhone ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from mike.cunningham@pct.edu

You might also ask if they need the full DOB or maybe what they really needs is age and have just calculated that from DOB in the past. Some will always need it because there are reporting requirements for state and federal government that require the full date of birth.

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson
Sent: Saturday, January 07, 2012 10:11 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] Privacy and data security

 

We mask SSN for almost everyone. There are only a select fee that have access to a persons's SSN. DOB is commonly used to verify a person's identity so it doesn't make sense to limit access to it. Employees that are authorized to screens with DOB can see the information. We do not have additional security on the field. We do, as I'm sure also do, have an confidentiality agreement that all employees sign. As far as I know, FERPA allows employees to view that information is the it is deemed necessary. God bless, Sam Young CIO PLNU Sent from my iPhone On Jan 7, 2012, at 9:10 AM, "Mike Cunningham" > wrote: You might also ask if they need the full DOB or maybe what they really needs is age and have just calculated that from DOB in the past. Some will always need it because there are reporting requirements for state and federal government that require the full date of birth. From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson Sent: Saturday, January 07, 2012 10:11 AM To: CIO@LISTSERV.EDUCAUSE.EDU Subject: Re: [CIO] Privacy and data security
The issue of hiding/masking DoB and the issue of using DoB to verify identity are 2 mutually exclusive issues. As far as FERPA is concerned, allowing for DoB to be used as directory data (and thus be viewable/searchable) is a matter of interpretation. Many schools consider DoB to be directory information that is "releasable", without the consent of the student. However, as far as FERPA is concerned, you're NOT supposed to use demographic data (such as DoB) for verification of identity in specific situations. For instance, if a student calls your help desk to get their password reset, you are not supposed to solely use demographic data to verify their identity and then subsequently issue a password reset. However, if the student shows up in person and hands you a picture ID, you could use the DoB as a verifying factor to ensure that you're looking at the correct student. With all of this being said, I've also run into administrators who insist that certain information is FERPA protected because that is the way they interpreted FERPA when they read it at some point in the past (or worse yet, somebody told them that it was FERPA-protected data and they just took that as gospel). What you really need to do is identify an appropriate administrator (or governance group) as your "FERPA authority", and they need to create a formal written policy documenting your directory data based on their interpretation of FERPA. This is oftentimes the Registrar or Director of Admissions and Records. You should be able to do a quick Google search to see other universities' policies, as in: http://www.virginia.edu/registrar/documents/FERPA-parents&students.pdf Thx, A Andy Miller Senior Director, Enterprise Applications and Data Services California State University, Chico 530.898.3169 Sent from my iPad On Jan 7, 2012, at 9:19 AM, "Sam Young" wrote: > We mask SSN for almost everyone. There are only a select fee that have access to a persons's SSN. > > DOB is commonly used to verify a person's identity so it doesn't make sense to limit access to it. Employees that are authorized to screens with DOB can see the information. We do not have additional security on the field. > > We do, as I'm sure also do, have an confidentiality agreement that all employees sign. > > As far as I know, FERPA allows employees to view that information is the it is deemed necessary. > > God bless, > Sam Young > CIO PLNU > > Sent from my iPhone > > On Jan 7, 2012, at 9:10 AM, "Mike Cunningham" > wrote: > > You might also ask if they need the full DOB or maybe what they really needs is age and have just calculated that from DOB in the past. Some will always need it because there are reporting requirements for state and federal government that require the full date of birth. > > From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson > Sent: Saturday, January 07, 2012 10:11 AM > To: CIO@LISTSERV.EDUCAUSE.EDU > Subject: Re: [CIO] Privacy and data security > >
Just to clarify: I am not talking about "end users" viewing DoB. I am talking about DoB being available on Datatel screens for administrative users who are entering data and developing reports in the ERP. I am also trying very hard to redirect all of our programming efforts into the massive migration effort. We absolutely plan to redo system access for security and selectively block or mask specific fields in the migration. The issue at hand is whether we need to block items now in a system which is obsolete because it may take 1 to 3 years to get to this in the system overhaul. Best, Carol _________ Carol Katzman Vice President for Information Technology Barnard College Sent from my iPhone On Jan 7, 2012, at 3:16 PM, "Miller, Andy" wrote: > The issue of hiding/masking DoB and the issue of using DoB to verify identity are 2 mutually exclusive issues. As far as FERPA is concerned, allowing for DoB to be used as directory data (and thus be viewable/searchable) is a matter of interpretation. Many schools consider DoB to be directory information that is "releasable", without the consent of the student. However, as far as FERPA is concerned, you're NOT supposed to use demographic data (such as DoB) for verification of identity in specific situations. For instance, if a student calls your help desk to get their password reset, you are not supposed to solely use demographic data to verify their identity and then subsequently issue a password reset. However, if the student shows up in person and hands you a picture ID, you could use the DoB as a verifying factor to ensure that you're looking at the correct student. > > With all of this being said, I've also run into administrators who insist that certain information is FERPA protected because that is the way they interpreted FERPA when they read it at some point in the past (or worse yet, somebody told them that it was FERPA-protected data and they just took that as gospel). > > What you really need to do is identify an appropriate administrator (or governance group) as your "FERPA authority", and they need to create a formal written policy documenting your directory data based on their interpretation of FERPA. This is oftentimes the Registrar or Director of Admissions and Records. You should be able to do a quick Google search to see other universities' policies, as in: http://www.virginia.edu/registrar/documents/FERPA-parents&students.pdf > > Thx, > A > > Andy Miller > Senior Director, Enterprise Applications and Data Services > California State University, Chico > 530.898.3169 > > Sent from my iPad > > On Jan 7, 2012, at 9:19 AM, "Sam Young" wrote: > >> We mask SSN for almost everyone. There are only a select fee that have access to a persons's SSN. >> >> DOB is commonly used to verify a person's identity so it doesn't make sense to limit access to it. Employees that are authorized to screens with DOB can see the information. We do not have additional security on the field. >> >> We do, as I'm sure also do, have an confidentiality agreement that all employees sign. >> >> As far as I know, FERPA allows employees to view that information is the it is deemed necessary. >> >> God bless, >> Sam Young >> CIO PLNU >> >> Sent from my iPhone >> >> On Jan 7, 2012, at 9:10 AM, "Mike Cunningham" > wrote: >> >> You might also ask if they need the full DOB or maybe what they really needs is age and have just calculated that from DOB in the past. Some will always need it because there are reporting requirements for state and federal government that require the full date of birth. >> >> From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson >> Sent: Saturday, January 07, 2012 10:11 AM >> To: CIO@LISTSERV.EDUCAUSE.EDU >> Subject: Re: [CIO] Privacy and data security >> >>
Right-o, gotcha.  In this case the FERPA guidelines should  be a good basis for your decision making because they include language about specific use cases such as ' administrative sharing and usage' of DoB data element...

Thx,
A

Connected by DROID on Verizon Wireless


-----Original message-----
From: Carol Katzman <ckatzman@BARNARD.EDU>
To:
"CIO@LISTSERV.EDUCAUSE.EDU" <CIO@LISTSERV.EDUCAUSE.EDU>
Sent:
Sat, Jan 7, 2012 21:11:49 GMT+00:00
Subject:
Re: [CIO] Privacy and data security

Just to clarify: I am not talking about "end users" viewing DoB. I am talking about DoB being available on Datatel screens for administrative users who are entering data and developing reports in the ERP.

I am also trying very hard to redirect all of our programming efforts into the massive migration effort. We absolutely plan to redo system access for security and selectively block or mask specific fields in the migration.

The issue at hand is whether we need to block items now in a system which is obsolete because it may take 1 to 3 years to get to this in the system overhaul.

Best,
Carol
_________
Carol Katzman
Vice President for
Information Technology
Barnard College

Sent from my iPhone

On Jan 7, 2012, at 3:16 PM, "Miller, Andy" <lamiller@CSUCHICO.EDU> wrote:

> The issue of hiding/masking DoB and the issue of using DoB to verify identity are 2 mutually exclusive issues.  As far as FERPA is concerned, allowing for DoB to be used as directory data (and thus be viewable/searchable) is a matter of interpretation.  Many schools consider DoB to be directory information that is "releasable", without the consent of the student.  However, as far as FERPA is concerned, you're NOT supposed to use demographic data (such as DoB) for verification of identity in specific situations. For instance, if a student calls your help desk to get their password reset, you are not supposed to solely use demographic data to verify their identity and then subsequently issue a password reset.  However, if the student shows up in person and hands you a picture ID, you could use the DoB as a verifying factor to ensure that you're looking at the correct student.
>
> With all of this being said, I've also run into administrators who insist that certain information is FERPA protected because that is the way they interpreted FERPA when they read it at some point in the past (or worse yet, somebody told them that it was FERPA-protected data and they just took that as gospel).
>
> What you really need to do is identify an appropriate administrator (or governance group) as your "FERPA authority", and they need to create a formal written policy documenting your directory data based on their interpretation of FERPA.  This is oftentimes the Registrar or Director of Admissions and Records. You should be able to do a quick Google search to see other universities' policies, as in: http://www.virginia.edu/registrar/documents/FERPA-parents&students.pdf
>
> Thx,
> A
>
> Andy Miller
> Senior Director, Enterprise Applications and Data Services
> California State University, Chico
> 530.898.3169
>
> Sent from my iPad
>
> On Jan 7, 2012, at 9:19 AM, "Sam Young" <SamYoung@POINTLOMA.EDU> wrote:
>
>> We mask SSN for almost everyone. There are only a select fee that have access to a persons's SSN.
>>
>> DOB is commonly used to verify a person's identity so it doesn't make sense to limit access to it. Employees that are authorized to screens with DOB can see the information. We do not have additional security on the field.
>>
>> We do, as I'm sure also do, have an confidentiality agreement that all employees sign.
>>
>> As far as I know, FERPA allows employees to view that information is the it is deemed necessary.
>>
>> God bless,
>> Sam Young
>> CIO PLNU
>>
>> Sent from my iPhone
>>
>> On Jan 7, 2012, at 9:10 AM, "Mike Cunningham" <mike.cunningham@PCT.EDU<mailto:mike.cunningham@PCT.EDU>> wrote:
>>
>> You might also ask if they need the full DOB or maybe what they really needs is age and have just calculated that from DOB in the past. Some will always need it because there are reporting requirements for state and federal government that require the full date of birth.
>>
>> From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson
>> Sent: Saturday, January 07, 2012 10:11 AM
>> To: CIO@LISTSERV.EDUCAUSE.EDU<mailto:CIO@LISTSERV.EDUCAUSE.EDU>
>> Subject: Re: [CIO] Privacy and data security
>>
>>
We started with a data administration  /  information security policy.  On our campus, we don't believe that the decisions about "who can see what" are IT decisions, with the exception of IT generated data like system / network logs.  Our policy is here:  #860 Information Security
In that policy, data stewards are defined, and the list of data stewards is here:  Policy #860 Approved Data Stewards

This is blended with understanding the laws and regulations, both federal and state, that govern protecting and releasing data, including FTC Red Flags, FERPA, state PII laws, HIPAA, etc.  Add to that campus culture; for example, you mention protecting the privacy of salary and wage information.  For my state university, salary and wage information are published in public records.

For data identified as "confidential" in the Information Security policy, we require the approval of the data steward, the employee's supervisor, and a written business purpose on the access request forms.  So, for example, for a university employee to see SSN in the enterprise system, the individual's supervisor and the data steward both have to review a written statement like "I need to see SSN in order to process payroll." and approve the access.
Date of birth is something that in conjunction with other elements might fit a state PII data protection law, and it has age discrimination risks, so we generally try to limit access (again, someone has to get supervisor and data steward approval to access). 

This is a timely discussion with the Educause announcements about "January is Data Privacy Month".  You may find the material posted there helpful in considering your data administration and security rules. 
http://www.educause.edu/Resources/Browse/Privacy/16915
My experience was it took time to get the campus to understand that you can't share (see) data just because you want to and that we have to understand that we are only stewards.  Data should be shared as intended by the data owner - the individual who owns his/her name, DOB, etc.
Further, if you go to the Educause site, and search on "Data classification" you'll find several resources, including presentations, that are terrific for getting a start on making decisions about data.

Best wishes,
Theresa

Carol, I believe it depends on the size of your database. Our database has over two million records, and (for example) hundreds of Michael Smiths. While we don't use DoB as an authenticator, we do use it as part of an identifier. While I recognize that the more access to personal information staff has the easier it is for them to impersonate others, when Michael Smith says he wants to know his admission status or wants to get a transcript, we couldn't correctly perform our jobs without full access to DoB. If your database is so small that you don't have more than one of any name, your administrative users could probably get by without access to DoB. Kevin On 1:59 PM, Carol Katzman wrote: > > Just to clarify: I am not talking about "end users" viewing DoB. I am > talking about DoB being available on Datatel screens for > administrative users who are entering data and developing reports in > the ERP. > > I am also trying very hard to redirect all of our programming efforts > into the massive migration effort. We absolutely plan to redo system > access for security and selectively block or mask specific fields in > the migration. > > The issue at hand is whether we need to block items now in a system > which is obsolete because it may take 1 to 3 years to get to this in > the system overhaul. > > Best, > Carol > _________ > Carol Katzman > Vice President for > Information Technology > Barnard College > > Sent from my iPhone > > On Jan 7, 2012, at 3:16 PM, "Miller, Andy" > <lamiller@CSUCHICO.EDU> wrote: > >
> The issue of hiding/masking DoB and the issue of using DoB to verify > identity are 2 mutually exclusive issues. As far as FERPA is > concerned, allowing for DoB to be used as directory data (and thus be > viewable/searchable) is a matter of interpretation. Many schools > consider DoB to be directory information that is "releasable", without > the consent of the student. However, as far as FERPA is concerned, > you're NOT supposed to use demographic data (such as DoB) for > verification of identity in specific situations. For instance, if a > student calls your help desk to get their password reset, you are not > supposed to solely use demographic data to verify their identity and > then subsequently issue a password reset. However, if the student > shows up in person and hands you a picture ID, you could use the DoB > as a verifying factor to ensure that you're looking at the correct > student. > > With all of this being said, I've also run into administrators who > insist that certain information is FERPA protected because that is the > way they interpreted FERPA when they read it at some point in the past > (or worse yet, somebody told them that it was FERPA-protected data and > they just took that as gospel). > > What you really need to do is identify an appropriate administrator > (or governance group) as your "FERPA authority", and they need to > create a formal written policy documenting your directory data based > on their interpretation of FERPA. This is oftentimes the Registrar or > Director of Admissions and Records. You should be able to do a quick > Google search to see other universities' policies, as in: > http://www.virginia.edu/registrar/documents/FERPA-parents&students.pdf > > Thx, > A > > Andy Miller > Senior Director, Enterprise Applications and Data Services > California State University, Chico > 530.898.3169 > > Sent from my iPad > > On Jan 7, 2012, at 9:19 AM, "Sam Young" <SamYoung@POINTLOMA.EDU> > wrote: > >
> We mask SSN for almost everyone. There are only a select fee that have > access to a persons's SSN. > > DOB is commonly used to verify a person's identity so it doesn't make > sense to limit access to it. Employees that are authorized to screens > with DOB can see the information. We do not have additional security > on the field. > > We do, as I'm sure also do, have an confidentiality agreement that all > employees sign. > > As far as I know, FERPA allows employees to view that information is > the it is deemed necessary. > > God bless, > Sam Young > CIO PLNU > > Sent from my iPhone > > On Jan 7, 2012, at 9:10 AM, "Mike Cunningham" > <mike.cunningham@PCT.EDU<mailto:mike.cunningham@PCT.EDU>> > wrote: > > You might also ask if they need the full DOB or maybe what they really > needs is age and have just calculated that from DOB in the past. Some > will always need it because there are reporting requirements for state > and federal government that require the full date of birth. > > From: The EDUCAUSE CIO Constituent Group Listserv > [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kyle Johnson > Sent: Saturday, January 07, 2012 10:11 AM > To: CIO@LISTSERV.EDUCAUSE.EDU<mailto:CIO@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [CIO] Privacy and data security > >
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.