Re: SSN Conversion

[Gary Flynn <flynngn () JMU EDU>]

Chad McDonald wrote:

> Our project manager has some questions regarding SSN conversion.
>
>
> > Regarding Student ID Conversion from using the student's SSN
> > as the ID to using a system generated ID:
> >
> > What techniques did you use to facilitate the conversion of
> > the many miscellaneous data stores (spreadsheets, Access
> > databases, etc.) that exist throughout your campus?
>
>
> We are looking strongly at 2 scenarios:
> Provide a file with SSN and New ID (no other information at all would be in
> the file) for administrators of ad hoc databases & spreadsheets.  This would
> be accompanied by user education as well.  The file would be on CD.  CD's
> would be numbered and signed for with agreement not to duplicate or
> communicate data in any fashion.  Once conversion is complete, CD's would be
> retrieved.
>
> OR
>
> Create a secure website for individual SSN / ID lookups.

Control access very carefully to online lookup processes to
reduce the risk of unauthorized disclosure via iterative
lookups...

What is the SSN for ID 1
What is the SSN for ID 2
...
What is the SSN for ID 49999

or

What is the ID for SSN 000-00-0001
What is the ID for SSN 000-00-0002
...
What is the ID for SSN 999-99-9999


> Do you see major security concerns with either approach, given that we have
> to accommodate these administrators?





--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature