There’s Safety in Numbers!
Temple University. Timothy O’Rourke, Vice President, Computer & Information Services. Barbara Dolhansky, Associate Vice President, Computer & Information Services.
-
There’s Safety in Numbers!
Barbara Dolhansky, Associate Vice President, Computer & Information Services
Timothy O’Rourke, Vice President, Computer & Information Services
Temple University
-
The Hard Facts!
Identity theft is the fastest growing crime in America; 9.9 MILLION victims were reported last year, according to a Federal Trade Commission survey!
4/11/06 Specialty retailer Ross-Simons said a security breach detected earlier this month compromised personal information on 32,000 customers who applied for store credit cards from October 2004, when the cards were first issued, to April 4, when the problem was verified. A Ross-Simons spokesman said the data that was accessed was similar to the information on any credit application, including Social Security numbers. (Associated Press Newswires, April 13, 2006)
4/20/06 Boeing is notifying 3,600 current and former employees that their names, Social Security numbers and, in some cases, addresses and phone numbers may have been compromised after a laptop was stolen several days ago. The laptop was grabbed from a Boeing human-resources employee at an airport, said company spokesman Tim Neale. (The Seattle Times, April 21,)
-
The Hard Facts!
4/29/06 A Union Pacific employee’s personal computer was stolen Saturday, April 29, which contained a report with the names, Social Security numbers and birth dates of 30,000 employees at Union Pacific. (Union Pacific Statement, May 8, 2006)
5/25/06 VyStar Credit Union announced Thursday that hackers stole VyStar members’ personal account information. 34,000 customer accounts were affected. The pilfered information includes names, addresses, Social Security numbers, birth dates, mothers’ maiden names and e-mail addresses. (The Florida Times-Union, May 27, 2006)
7/2006 A laptop computer containing personal information of more than 133,000 Floridians was stolen in late July from a government SUV parked in front of a popular Doral cafeteria, the U.S. Department of Transportation announced Wednesday. There is no evidence that the data have been used illegally, DOT officials stressed Wednesday in Washington and Miami. (The Miami Herald, August 10, 2006)
-
The Hard Facts!
2006 Disclosures of U.S. Data Incidents
At least 148 incidents have been disclosed, potentially affecting nearly 9.3 million individuals
30% of disclosures involve educational institutions; 30%, governmental or military agencies; 18%, general business; 11%, health care facilities or companies; and 11%, banking, credit or financial services entities.
Since January 2006 at least 845,000 people have had sensitive information jeopardized in 29 security failures at colleges
We store similar personal information as a bank and we’re easier prey than a bank!
Most states are enacting legislation penalizing the failure to adequately protect an individual’s privacy!
-
PA Senate Bill 712 Breach of Personal Information Notification Act
Enacted June 20, 2006 by the PA legislature
Provide notice (written, telephone or substitute) to individuals in event of security breach of personal information
First name & last name linked with:
SSN
Driver’s license number or state ID card
Financial account number, debit or credit card number, in combination with security code to access account information
Not just about electronic data! Paper files also included in law.
-
Who are We?
Based in Philadelphia, Temple is one of Pennsylvania’s three public research Universities, along with Pitt & Penn State
The University has over 35,000 students, 16,000 annual W-2s issued, and over 230,000 alumni
26th largest University in the United States
6th largest provider of professional education in the country
17 schools and colleges including schools in Law, Medicine, Pharmacy, Podiatry, & Dentistry and campuses in Tokyo, Japan, & Rome, Italy
$90 million Physicians Practice Plan
Total operating budget of $900 million
Temple Health System (a wholly owned subsidiary of the University) is a $1 billion operation made up of 13 separate corporate entities and has over 5,000 employees. The University runs the HR system for the Health System.
-
Our Goals!
Protect the personal data of our students, faculty, administrators, and alumni
Increase our confidence that the personal data is adequately protected
Educate / improve awareness among Temple community as to the importance of confidentiality and the personal protection of their data
Keep us out of the newspapers!
-
Our Challenges!
Many old legacy systems employed SSN as key: Student, HR, Finance
SS# key to all of our systems
Almost 1,000,000 unique SSNs in these systems
Over 25 centrally maintained ancillary systems using SSN as Key
Complex web of shadow systems and an unknown number of Access databases and spreadsheets throughout departments
Limited resources and many other priority initiatives
Delay of ERP deployment
Passed policy in September 2004, with a hard deadline of September 30, 2005
-
The Project
Barbara Dolhansky
-
True Confessions / Things Not to Do
Don’t enlist five computing students to perform code changes
Don’t forget your school mascot
Don’t expect alumni to donate money to the cause.
Don’t forget to have a conversion concierge.
-
Important >>>> It’s a Big Project! >>>> PLAN
13,000 HOURS!!!
Summary Task Name: Estimated Hours
SSN Elimination Project: 13,000
Project Management: 550
Develop Information Website: 20
Develop Search Screen: 600
Develop Potential Matches Screen: 600
Develop Add/Update Logic: 400
ISIS Modifications: 1,850
HRS Modifications: 820
FMS Modifications: 240
Access Card Modifications: 700
Snyder Reporting Modifications: 420
Convert Ancillary Systems: 840
Develop Multiple Records Process: 350
University Forms: 1,360
Conversion: 2,600
User Testing: 850
Training: 400
Establish Data Integrity Office: 400
-
Timeline
Milestone Description
-
Executive Committee
Barbara Dolhansky, Computer Services
Conversion Team
Matt Waldron, Computer Services
-
Major Central Systems
Integrated Student Information System (Records back to 1963)
ID Card System
Human Resource System (Records back to 1993)
LDAP Directory
Financial Management System (Records back to 1987)
Student Recruitment Information System (SRIS)
-
Central Ancillary Systems
Kronos Time Reporting System
Undergraduate Application Website
Position Control System
Graduate Application Website
Telephone Billing
Document Imaging System
RMS Housing System
McGann Parking System
Ethernet Access in Residence Halls Website
QConnect Appointment System
Library System
Many Interfaces
First Year Writing Program System
Judicial Database System
Help Desk System
Departmental Shadow Systems
Focus Reporting System
-
Offices Affected
Academic Computer Services
Schools/Colleges/Campuses
Computer Services Information Security
School of Medicine
Telecommunications
School of Podiatric Medicine
Document Imaging Office
School of Dentistry
Office of Undergraduate Admissions
School of Law
Graduate School
School of Pharmacy
Development Office
Planning and Policy Analysis
Office of Human Resources
International Programs
Bursar
Campus Safety
Recreation Services
Provost Office
Student Financial Services
Legal Counsel
Academic Records Office
Privacy Officer
General Accounting
Internal Audits
ID Card Office
Student Affairs
TUHS and Affiliates
Parking
Housing
Library
-
Our Clever Nine Digit Unique Identifier: The TUid
First digit set to 9 and the last digit is a check digit.
Sequentially assigned from one database; automatically updates two legacy systems.
Purchased NameSearch from IntelligentSearch to assist with record matching.
One number assigned to an individual, used across the entire institution.
Stored in systems that may have a separate ID.
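An added illustration of the TUid layout described on this slide; it is not Temple's code. The slides do not name the check-digit scheme, so Luhn (mod 10) is an assumption here, and `classify` is a hypothetical helper showing how an ID field can refuse nine-digit values that are not TUids.

```python
import re

# ASSUMPTION: the slides do not name the check-digit scheme; Luhn (mod 10) stands in.
def luhn_check_digit(payload: str) -> str:
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def make_tuid(sequence: int) -> str:
    """'9' + seven-digit sequential number + check digit (layout from the slide)."""
    if not 0 <= sequence <= 9_999_999:
        raise ValueError("sequence must fit in seven digits")
    payload = f"9{sequence:07d}"
    return payload + luhn_check_digit(payload)

def is_valid_tuid(value: str) -> bool:
    return (re.fullmatch(r"9\d{8}", value) is not None
            and luhn_check_digit(value[:8]) == value[8])

def classify(raw: str) -> str:
    """Triage what a user typed into an ID field (hypothetical helper)."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        return "invalid"
    if is_valid_tuid(digits):
        return "tuid"
    if digits[0] == "9":
        return "check-failed"   # likely a mistyped TUid
    return "possible-ssn"       # nine digits, not a TUid: do not store or log it

def undetected_single_digit_typos(tuid: str) -> int:
    """Count one-digit substitutions that still validate (none under Luhn)."""
    misses = 0
    for pos in range(9):
        for d in "0123456789":
            if d != tuid[pos] and is_valid_tuid(tuid[:pos] + d + tuid[pos + 1:]):
                misses += 1
    return misses

if __name__ == "__main__":
    # Constructed sample inputs, not real identifiers.
    for sample in ["900000019", "900000091", "123-45-6789", "12345"]:
        print(sample, "->", classify(sample))
```
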
-
Policy
The use of the Social Security number as a primary identifier for Temple-Related Individuals shall be avoided, except as required by law or as required by practical necessity as approved by the President or other designated University officers. The Vice President for Computer and Information Services shall develop and implement procedures for ensuring compliance.
Compliance Date: September 30, 2005
** Separate SSN procedures define guidelines for SSN handling
-
Components of SSN Procedures
Primary Identifier Guidelines for collecting and storing
List of Approved Uses of Social Security Numbers
University Forms Guidelines
Guidelines for Computer and Information Systems
Encryption
Display of SSN
List of Social Security Number Safeguards
-
User Approvals Required
Social Security Number Usage Request Form
System requires storage of SSN
Must be encrypted
Access to Social Security Number Approval Form
Individuals viewing / updating SSN
Required, promotes compliance and is audited by Internal Audits.
-
Extensive Training
New Data Entry and Search Screens
Human Resource System
Student System
Mandatory
Conducted 6 weeks prior to conversion
Adding and Searching for Individuals
Name, TUid or SSN, Birth Date, Address
Authentication Procedures: What’s your SSN.
-
Conversion
Milestone Description
-
Re-carding
Milestone Description
-
Temple ID Card
Diamond Dollars
Building access
Parking privileges
Library privileges
Printing privileges
Display TUid on Front
Hologram
OWLcard
-
Card Design
Publications / Office of University Communications
Presented Executive Committee 2 Choices
What is printed? Display TUid? President Final Choice
Verbiage on Reverse University Counsel
Health System Designs (JCAHO standards)
-
Card Distribution
24,000 Returning Student IDs produced
10,000 New Students
7,400 University Employee IDs
7,500 Health System Employee IDs
-
Card Distribution - Employees
Cards Distributed to Dean & Vice Presidential Offices
Employees must sign for receipt of card
Signed receipt forms & unclaimed cards returned to Human Resources
OWLcards cannot be mailed
Returned OWLcards shredded
-
Card Distribution - Students
Multiple distribution points: card office, large hall, campuses
Students must swipe cards after pickup
OWLcards cannot be mailed
Professional Schools & Ancillary Campuses return unclaimed cards to Central Office
Unclaimed cards shredded
-
Why I Still Have My Job / Lessons Learned!
Engage support of Senior Management / an essential ingredient
Tell everyone what you’re doing / communicate and publicize
Seek input from those affected / involve the community
Learn from others’ mistakes / talk to other Universities/Colleges
Create detailed conversion test plan / down to the hour!
Develop a roll back plan / mistakes do occur
Change project team members if necessary
-
More Lessons Learned
Look for the hidden systems / spreadsheets and files are systems
Include programmers on Shadow System Team
Allow plenty of lead time for ID card vendor selection & processing
Help departments with their conversion process
Maintain on demand support during implementation
Send friendly reminder e-mails to the entire community
-
Lingering Pains
Issuing multiple TUids to one person
Dealing with alumni who do not know TUid
Cleaning historic data
SSN and personal info remaining on laptops and workstations
Non-supported vendor-provided systems that could not be converted
Shadow systems and non-central servers
-
Questions?
There’s Safety in Numbers
http://ssn2tuid.temple.edu