Educause Security Discussion mailing list archives
Re: Bare Social Social Security Numbers
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Mon, 27 Mar 2006 11:58:40 -0500
I don't believe according to most privacy legislation that it would be considered a privacy breach. It probably depends on the conditions. If the file defined a group or class of individuals (those with AIDS or another medical condition, those attending a college class, etc) then a small file could possibly be used to identify the SSN. And there are likely several other ways to identify an SSN #. But there are systems where the SSN is both identification and authentication (and possibly authorization) providing access. These are poorly designed (from a privacy and security POV) systems. - H. Morrow Long, CISSP, CISM, CEH University Information Security Officer Director -- Information Security Office Yale University, ITS On Mar 27, 2006, at 11:39 AM, Geoffrey S. Nathan wrote:
Quick poll (apologies for cross-posting..) Suppose a file was stolen/accessed containing only social security numbers with no names attached. Would this constitute a security breach necessitating notification of those whose numbers were compromised? (Leaving aside the question of whether the theft/access itself is a breach). Geoff
Current thread:
- Bare Social Social Security Numbers Geoffrey S. Nathan (Mar 27)
- <Possible follow-ups>
- Re: Bare Social Social Security Numbers scott hollatz (Mar 27)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 27)
- Re: Bare Social Social Security Numbers Christopher E. Cramer (Mar 27)
- Re: Bare Social Social Security Numbers Thomas R. Davis (Mar 27)
- Re: Bare Social Social Security Numbers Steve Worona (Mar 27)
- Re: Bare Social Social Security Numbers Charles R. Morrow-Jones (Mar 27)
- Re: Bare Social Social Security Numbers Ken Connelly (Mar 27)
- Re: Bare Social Social Security Numbers Joel Rosenblatt (Mar 27)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 27)
- Re: Bare Social Social Security Numbers Leo Tran (Mar 27)
- Re: Bare Social Social Security Numbers Gary Golomb (Mar 27)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
(Thread continues...)