Re: Securing a document management system

[Allison Dolan <adolan () MIT EDU>]

Theresa

I am curious about the reason such documents need to be scanned -
have the business folks indicated why they need such records and why
they couldn't redact the PII before scanning?   Or is this scanning
for just the HR/payroll department?

Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307
Phone: (617) 252-1461
http://mit.edu/infoprotect



On Mar 6, 2009, at 8:50 AM, Theresa Rowe wrote:

> I'd like to check the collective wisdom of the group on this project:
>
> We are implementing a document management system (EMC,
> Documentum).   The documents are stored as JPEGs in the system.
> We've learned that our community expects to store items that would
> be classified as personally identifiable information under our
> state law.  This includes copies of:
>
> drivers licenses
> social security cards
> court ordered name changes such as divorce decrees
> tax returns with social security numbers
>
> Obviously this needs a high standard of security.  I read that
> there are tools out there that encrypt JPEGs (jpegguard).  Has
> anyone found or used a tool for a system like this?
>
> Have you implemented such a system?  What security safeguards have
> you put in place?
>
> --
> Theresa Rowe
> Chief Information Officer
> Oakland University