On October 18, 2010 Interim President Phillip Austin sent a message, related to the importance of protecting confidential university data, to all University employees.
The University Information Security Office will be developing strategies to identify where confidential data, most notably social security numbers, are generated/collected, stored and accessed. The initiatives will combine business process evaluations to identify and reduce the Universities dependence on SSN’s with electronic tools to help locate, remove or protect confidential data.
In the short term, prior to 1/1/2011, the University will move forward on the following initiatives:
- Masking the SSN for all reports that are currently generated by the Hyperion and Focus reporting tools. This initial step will hide the SSN from any reports, but not from within the application itself, which is an important distinction. If an individual currently has access to input information into a system (Financial or HR for example) that access will not change.
- SSN will be available for any faculty or staff that has requested access, through their Dean, Director or Department Head
- SSN will be masked (hidden) for any faculty or staff that has not been specifically identified as needing access to SSN’s
I want to stress that the above changes will not modify any reports directly. All reports will contain the same information as before except where a SSN used to be displayed it will be replaced with a masking character (* or # most likely).
For UITS to accomplish hiding the SSN data from unauthorized users we are requesting that all Deans, Directors or Department Heads identify those individuals in their areas that require access to reports with SSN’s to accomplish their daily jobs.
Please make requests for report access by following the request process on the security website.
Some other initiatives we will be completing soon are:
- Ensuring that all computers of individuals requiring access to SSN’s are encrypted
- Providing educational materials for all users requiring access to confidential information including specific information provided on the security.uconn.edu site that outlines what confidential data is and its correct handling
- Procuring Web/Video based training on purchased and provided by SANS hosted on our internal HuskyCT platform
- Providing a comprehensive security plan that includes a long term strategy for reducing the collection of and access to confidential data at the University.
Please contact me if you have any questions
Chief Information Security Officer