Re: Emailing SSN info

["Exibar" <exibar () thelair com>]

Not knowing what vendor they want to ship these SSN's off to makes it hard
to answer, although I am NOT an attorney I believe they are opening up
themselves for trouble giving ANY third party the SSN's of their employees.
Unless it's a gov agency that is requesting this info, or a payroll company
that is printing payroll checks (like ADP), they should not even entertain
the thought of giving SSN's out.

  If it is an "authorized" agency, I would send the info on CD-Rom,
certified mail.  The CD-Rom would be encrypted, and the encryption key would
be sent under separate cover, also certified mail.

  Ex


----- Original Message ----- 
From: "Tony Gettig" <GettigAM () kalamazoo k12 mi us>
To: <full-disclosure () lists netsys com>
Sent: Thursday, March 18, 2004 3:44 PM
Subject: [Full-disclosure] Emailing SSN info


> Hi all,
>
> I work for a school district in the USA. Higher management wants to
> email a zipped data export (presumbably password protected) to a vendor
> that includes the Social Security Number for employees. I have advised
> them against this. Shipping a CDROM overnight would be more secure, IMO.
>
>
> Now they want to know if there are any laws pertaining to the emailing
> of SSN info. (Why they are asking me and not an attorney, I am not
> sure...though I AM going to tell them to speak to an attorney too.)
>
> Can any one point me to a website or cite specific US (or even state)
> laws regarding this? Even a reply telling me why this is a bad idea
> would be great. If I am wrong, I am glad to hear that too. Thanks in
> advance!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html