Minutes
10-25-07
Members
Present: Harry Lawhorn, Becky Telford, Shirley Apple-Shoup, Julie
Slattery, Jane Salisbury
Absent: Becki
Lawhorn, Kathi Richards, Darrell Isaacs
The meeting was
called to order by Dr. Salisbury in the absence of team leader Becki
Lawhorn. The agenda topic was the presentation/interpretation by Becky
Telford of the Information Security Survey distributed by the
Information Security Team led by Dan Reke.
After
considerable discussion of survey results, the following questions are
being asked and/or recommendations being considered to the CQI Steering
Committee regarding those individuals and offices not able to complete
designated work without the use of social security numbers:
1. Because
personal calendars are not secure,
those individuals and offices making
appointments for student academic advising including the ARC, graduation
checks, career advising, etc., should use and have access to only the
final four digits of the social security number. This would include
but not be limited to faculty, faculty support, deans, career services,
and disability services, unless needed for other purposes.
A suggestion for moving toward this would
be the masking of all but the last four digits of the social security
number within the NAE screen.
2. While
the entire social security number needs to be entered into Datatel
during the admission process, it is unclear what is being done with the
hard copies from which the data entry occurs. Likewise, the yellow
prospect cards have social security numbers necessary for tracking and
then sending the 30, 60, 90 day follow-up letters and the library
maintains social security numbers for student identification purposes.
Questions revolve about how these different
areas secure and protect the integrity of the social security number.
Could contact information be entered into Datatel and the yellow cards
be destroyed?
A better student ID process needs to be
researched, one that would utilize the Colleague ID rather than the
social security number for identification purposes.
Other areas of concern include the COMPASS
testing process and the ILP. What data bases are being created/accessed
and what storage parameters are being followed? Are all nine digits of
the social security number necessary or would the final digits fulfill
the necessary identification requirements?
3. Those
offices and individual faculty members needing complete social security
numbers for program tracking purposes, for background checks, or for
certification/licensing processes need to have secure storage for these
documents. This would include but not be limited to nursing, human
services, early childhood, the Police Academy, some areas of CIT,
Financial Aid, Institutional Research, Tech Prep, and Human Resources.
HR and Financial Aid seem to have
semi-secure storage facilities. Most faculty offices do not. A
document imaging system could facilitate record security.
4.
Additional concerns and suggestions:
·
Block Datatel access on all computers except
those actually needing it, i.e., computer labs.
·
Prohibit use of personal laptops or removable
storage devices in storing any personal information of students or
employees.
·
Investigate grant availability for student ID
card and document imaging systems.
5.
There was no further discussion of the card
swipe device that would support social security number protection in
areas such as Enrollment Services or the Business Office.
Next meeting:
TBA
