Message-ID: <009e01c40d39$6da98660$1214dd80@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: Emailing SSN info
Not knowing what vendor they want to ship these SSNs off to makes it hard
to answer. Although I am NOT an attorney, I believe they are opening up
themselves for trouble giving ANY third party the SSNs of their employees.
Unless it's a gov agency that is requesting this info, or a payroll company
that is printing payroll checks (like ADP), they should not even entertain
the thought of giving SSNs out.
If it is an "authorized" agency, I would send the info on CD-ROM,
certified mail. The CD-ROM would be encrypted, and the encryption key would
be sent under separate cover, also certified mail.
Ex
----- Original Message -----
From: "Tony Gettig" <GettigAM@...amazoo.k12.mi.us>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, March 18, 2004 3:44 PM
Subject: [Full-Disclosure] Emailing SSN info
> Hi all,
>
> I work for a school district in the USA. Higher management wants to
> email a zipped data export (presumably password protected) to a vendor
> that includes the Social Security Number for employees. I have advised
> them against this. Shipping a CDROM overnight would be more secure, IMO.
>
>
> Now they want to know if there are any laws pertaining to the emailing
> of SSN info. (Why they are asking me and not an attorney, I am not
> sure...though I AM going to tell them to speak to an attorney too.)
>
> Can anyone point me to a website or cite specific US (or even state)
> laws regarding this? Even a reply telling me why this is a bad idea
> would be great. If I am wrong, I am glad to hear that too. Thanks in
> advance!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>