[CC] SSN vs PIDM as an ID in Banner

[David Rigg]

There is a request from Senior Staff that we look into eliminating SSN as an
ID in Banner.  (The primary concern is identity theft.)

At present the SPRIDEN record with SPRIDEN_CHANGE_IND null is typically the
SSN where the SSN is known.  For each individual (at least after the nightly
process runs) there is an alternate ID consisting of the letter P followed
by an 8 digit PIDM (left zero filled). The notion is to make that the
primary ID and delete IDs that are the same as the SSN.

If you look at SPAIDEN, for example, there would still be two areas of
concern.  One of those is the "Biographical" tab, which displays the SSN.
TAB-level security makes it possible to limit who can see individual tabs,
however, this is a new feature and not currently part of any Team Lead's
Banner Class definitions.  The other concern is that even with that TAB
blocked, it is possible for anyone with access to the form to do an
Alternate ID search on a person's name and display the SSN even if it isn't
a SPRIDEN_ID.  I am not sure how we get around that, how we prevent someone
from entering a SSN as an ID later on, the effect of the change on existing
MS Access Reports or on existing nightly processes, though some will
certainly need to be modified.

To get a better idea of the impact, it will likely be necessary to clone a
database instance and run tests.

Input/ideas from the coordinating committee on this matter are welcome.

Dave