Re: SSN Conversion

[Buz Dale <buz.dale () USG EDU>]

You also need to make sure you parse request well.

search id for *;

Buz

Gary Flynn wrote:
> Chad McDonald wrote:
>
> > Our project manager has some questions regarding SSN conversion.
> >
> >
> > > Regarding Student ID Conversion from using the student's SSN
> > > as the ID to using a system generated ID:
> > >
> > > What techniques did you use to facilitate the conversion of
> > > the many miscellaneous data stores (spreadsheets, Access
> > > databases, etc.) that exist throughout your campus?
> >
> >
> > We are looking strongly at 2 scenarios:
> > Provide a file with SSN and New ID (no other information at all would
> > be in
> > the file) for administrators of ad hoc databases & spreadsheets.  This
> > would
> > be accompanied by user education as well.  The file would be on CD.  CD's
> > would be numbered and signed for with agreement not to duplicate or
> > communicate data in any fashion.  Once conversion is complete, CD's
> > would be
> > retrieved.
> >
> > OR
> >
> > Create a secure website for individual SSN / ID lookups.
>
> Control access very carefully to online lookup processes to
> reduce the risk of unauthorized disclosure via iterative
> lookups...
>
> What is the SSN for ID 1
> What is the SSN for ID 2
> ...
> What is the SSN for ID 49999
>
> or
>
> What is the ID for SSN 000-00-0001
> What is the ID for SSN 000-00-0002
> ...
> What is the ID for SSN 999-99-9999
>
>
> > Do you see major security concerns with either approach, given that we
> > have
> > to accommodate these administrators?


--
----
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697
Office of Information and Instructional Technology
University System of Georgia