Re: Securing a document management system

[Theresa Rowe <rowe () OAKLAND EDU>]

Actually, it is the financial aid office that is the biggest driver - they
have more stuff than HR.  They have everything under the sun and maintain
they need it all.

Theresa Rowe

On Mon, Mar 9, 2009 at 8:44 AM, Allison Dolan <adolan () mit edu> wrote:

> Theresa
> I am curious about the reason such documents need to be scanned - have the
> business folks indicated why they need such records and why they couldn't
> redact the PII before scanning?   Or is this scanning for just the
> HR/payroll department?
>
> Allison F. Dolan
> Program Director, Personally Identifiable Information
> Massachusetts Institute of Technology
> 77 Massachusetts Ave  NE49-3021
> Cambridge MA 02139-4307
> Phone: (617) 252-1461
> http://mit.edu/infoprotect
>
>
>
> On Mar 6, 2009, at 8:50 AM, Theresa Rowe wrote:
>
> I'd like to check the collective wisdom of the group on this project:
>
> We are implementing a document management system (EMC, Documentum).   The
> documents are stored as JPEGs in the system.   We've learned that our
> community expects to store items that would be classified as personally
> identifiable information under our state law.  This includes copies of:
>
> drivers licenses
> social security cards
> court ordered name changes such as divorce decrees
> tax returns with social security numbers
>
> Obviously this needs a high standard of security.  I read that there are
> tools out there that encrypt JPEGs (jpegguard).  Has anyone found or used a
> tool for a system like this?
>
> Have you implemented such a system?  What security safeguards have you put
> in place?
>
> --
> Theresa Rowe
> Chief Information Officer
> Oakland University


--
Theresa Rowe
Chief Information Officer
Oakland University