In late August, there was a spirited discussion on the Micronet
list regarding the display of certain items of personal information
via the HRMS Self-Service features of the Berkeley Business Portal,
"Blu" <http://blu.berkeley.edu>.
Two of the three concerns raised in that discussion, whose thread
is archived at <http://ls.berkeley.edu/mail/micronet/2003/0702.html>,
appear to have been addressed:
- The Social Security Number and date of birth are no longer displayed.
- Bank account numbers (for Direct Deposit) are now partially masked
for display.
I have not seen any subsequent response to a third concern raised
by a Micronet member in that discussion:
- There is currently no opt-in requirement, or opt-out option,
associated with the feature which allows you to change the
bank account into which your paycheck is directly deposited.
According to Tessa Michaels, the Chief Technology Officer for
Business and Administrative Services (BAS), "There was a Deans and
Directors [memo] that went out addressing the changes made to the
self service options in Blu." (This memo is appended in its
entirety, below.) Tessa Michaels, IS&T-ASD's Director Kelly Haberer,
and other administrators have also been responding directly to
various staff and faculty who have expressed concerns in this area.
Aron Roberts
Workstation Software Support Group
P.S. In an earlier communication, Tessa noted that even prior to the
discussion of these issues on the Micronet list, "we have been
cognizant of this issue around Personal Information and [have been]
considering solutions/responses ..."
-- <http://www.berkeley.edu:5027/cgi-bin/deans_memos/deans_memos.pl?search_results=20&display_memo=1484&search_subject=&search_body=&search_from=&search_to=&search_date_to=&search_date_from=> DATE: 08/29/03 TO: DEANS, DIRECTORS, DEPARTMENT CHAIRS AND ADMINISTRATIVE OFFICERS FROM: Horace Mitchell Vice Chancellor Business and Administrative Services SUBJECT: Security of Personal Information in Campus Administrative Systems As a result of heightened concerns about the security of computer systems and personal information, the Office of Human Resources and Information Systems & Technology have taken steps to modify HRMS Self-Service. Since the recent increase in email worms and viruses, some members of the campus population have become convinced that certain personal information should not be displayed to the individual data owner via CalNet authentication. The changes that have been made include removing the display of Social Security Number, date of birth and other personal information that HRMS Self-Service provided for verification purposes only. The service to display and update name, home addresses, phone numbers, emergency contact, and email address information remains in place. In addition, the Direct Deposit portion of Self-Service has been modified so that the full bank account number is masked to only display a portion of the number for verification purposes. When the data owner needs to update direct deposit information, the full bank account number can be entered and verified, but the display returns to masked mode once the update is complete. As you know, personal information, including Social Security Number and bank deposit information (for those employees who use Direct Deposit), must be captured for payroll purposes and has been maintained in HRMS since July, 2002. The change that occurred in July, 2003 was to make access available to individuals so they could enter and update their own personal information rather than share this information with an administrator to accomplish an update. While these changes to HRMS Self-Service may relieve specific concerns about data display, it's important for all users of campus systems to be aware of the need for security at all times. The CalNet ID and passphrase function like a bank account PIN, and most individuals would not share such a PIN with anyone else. The same rule applies at work, where the CalNet ID is the key to many administrative functions. No one should share his or her CalNet ID and passphrase with anyone, including colleagues or staff members who provide support for administrative and other activities. Horace Mitchell, Vice Chancellor-Business and Administrative Services ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Tue Sep 30 13:12:12 2003
This archive was generated by hypermail 2.1.8 : Tue Sep 30 2003 - 13:12:12 PDT