Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bare Social Social Security Numbers

From: "Charles R. Morrow-Jones" <morrow-jones.2 () OSU EDU>
Date: Mon, 27 Mar 2006 12:06:12 -0500
Seems to me that the answer depends on where the file was located when the breach occurs.

In Ohio, for example, it appears that this would not require notification according to the Ohio law that went into 
effect last month.

<Insert the usual disclaimer about not being a lawyer.....>
The Ohio law hinges around the disclosure of two or more pieces of sensitive information, one of which must be name.

Charles R. Morrow-Jones
Director, Security
Office of the CIO
The Ohio State University
morrow-jones.2 () osu edu -or- 614.292.1302

----- Original Message -----
From: "Geoffrey S. Nathan" <geoffnathan () wayne edu>
Date: Monday, March 27, 2006 11:39 am
Subject: [SECURITY] Bare Social Social Security Numbers


Quick poll (apologies for cross-posting..)

Suppose a file was stolen/accessed containing only social security
numbers with no names attached.  Would this constitute a security
breachnecessitating notification of those whose numbers were
compromised?(Leaving aside the question of whether the
theft/access itself is a breach).

Geoff


--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 11784993) is spam:
Spam:
https://antispam.osu.edu/b.php?c=s&i=11784993&m=3e169ae2cceeNot
spam:    https://antispam.osu.edu/b.php?c=n&i=11784993&m=3e169ae2ccee
Forget vote:
https://antispam.osu.edu/b.php?c=f&i=11784993&m=3e169ae2ccee-------
-----------------------------------------------
END-ANTISPAM-VOTING-LINKS
Previous By Date Next
Previous By Thread Next

Current thread: