Scope:
RASU initiated a high priority project to review all SSN access in our core administrative systems in October 2008. Two significant areas of concern were full SSN view through EDNA and in PeopleSoft search match results. Representative from Office of Human Resources (Payroll, HR, Financial Services, Benefits, Talent Acquisitions, Employee Service Desk), Student Records (Financial Aid, Registrar, Graduate College, Admissions, Student Financials), Security, Campus Community, Advantage, EPM, Data Warehouse and EDNA meet during a 6-week period to discuss the proposed changes to EDNA and PeopleSoft.
During these meetings, departments provided feedback on the impact to their departments if SSN was masked. Based on discussions and needs, the following were completed:
• modified EDNA to display a masked SSN (last 4 digits).
• masked SSN on all search page results in PS to display last 4 digits.
• bio demo pages on the Campus Community side have role security so employees with update to SSN will see a full SSN and employees with view access will see a masked SSN.
• Developed a method to give a department full SSN view on the PeopleSoft search match results if the need arose.
• Bio Demo pages on the HR side will have SSN masked at a later date.
• Advantage, the Data Warehouse and EPM have methods in place to restrict access to SSN.
In summary, we have implemented several methods to secure employees SSN and restrict full view to employees with a valid business need to the data.
