University Relations
Feb. 8, 2008 Communique
IT Auto-Archiving Files with SSN's
To: All UCCS Faculty and Staff
Due to the ever-increasing danger of Identity Theft and to recent Federal laws that prohibit unnecessary use of Social Security Numbers (SSN's), the Information Technology (IT) department here at UCCS has been performing scans of computer systems looking for files with SSN's. These scans have discovered over 11 million SSN's on various servers and Windows-based computers on the UFP domain. (Macintosh computers and computers on the Engineering domain have not yet been scanned.) Most of these files were left over from before the conversion occurred from SSN's to Student ID's and Employee ID's. IT has been working with the owners of computers with a total number of SSN's greater than 500, but there are still vast numbers of SSNs left in smaller amounts on many computers and in many NT accounts.
The good news is that (for the most part) new SSN's are not re-appearing on computers. This means that departments have done a great job in changing their business processes to use ID's instead of SSN's. The not-so-good news is that it is taking an extremely long time to work with computer owners to delete, archive or clean SSN's from the files. We realize now that we are going to have to take some automated means to more quickly reduce the risk of exposure of private data in case of a security breach.
IT has met with all the governance groups and it has been decided that we need to archive all files with SSN's to a secure location and then remove those files off the NT Servers. We have also found a large number of old files with SSN's in Recycle Bins (computer trash cans) that we need to archive and remove from local hard drives. Most of these Recycle Bins belong to previous users of computers who forgot to empty (delete) their "trash" before they left. So, even if the current computer user empties their Recycle Bin, the old files in the previous user's Recycle Bin will not get emptied.
The plan for this auto-archiving of SSN's is:
- By this Friday, February 22, 2008 - scans will be performed on Staff and Faculty NT accounts (on Enterprise) and Student accounts (on Excelsior).
- By Friday, February 29, 2008 - scans will be performed on Recycle Bins on individual PC hard-drives
- By Friday February 29, 2008, a report with file names and locations will be e-mailed to each individual whose NT server account(s) had SSN's.
- By Friday March 7, 2008 - a report with file names and locations will be e-mailed to each individual whose computer had a Recycle Bin with SSN's.
- On Monday March 24, 2008 - Files with SSN's on NT accounts will be archived (moved from the NT Servers to a secure location).
- On Monday March 31, 2008 - Files with SSN's in Recycle Bins will be archived (moved from the individual hard drive's Recycle Bin to a secure location).
IMPORTANT NOTE: If you have a legitimate business need for keeping the SSN's in your account, please contact Christine Dellacroce, the IT Security Principal, at x3211. She will ensure that your files will not be affected and will work with you on properly securing those SSN's.
You will have three (3) weeks to determine if you absolutely need to keep any of these files. If so, please back them up onto a CD or DVD and store them in a locked drawer or cabinet before Monday, March 24, 2008 for files in NT accounts, and before Friday March 31, 2008 for files in Recycle Bins. The IT department will retain these archived files in a secure area for six (6) months. If you feel you absolutely need to have any of these files restored after they have been archived, please contact Christine Dellacroce, x3211, or Scott Carter, x 3171, before September 30, 2008.
A rescan will be performed after these initial cleanup phases. The number of SSN's still remaining will be evaluated, and we will notify you in the future if/when any of the following file types need to be archived and removed.
- Emails and e-mail attachments on the Unix Email server
- Files with SSN's on Macintosh computers
- Files with SSN's on the Engineering (EAS) domain
- Files with SSN's on Columbia
- Files with SSN's on individual hard drives
Please don't hesitate to contact Christine Dellacroce, x3211, or Jerry Wilson, x3594, with any questions or concerns.
Thank you for your understanding.