The State University of New York has adopted a new SUNY-wide policy on information security in response to several lapses in the security of students’ personal information.
According to officials, the ultimate objective of the plan is to place more safeguards and controls on the transfer of information.
Terry Dylewski has assumed the duties of Binghamton University’s information security officer (ISO), a position mandated by the new SUNY policy. Dylewski said that her role is to collaborate with managers of all functions of the campus and “ensure they participate in major risk decisions regarding information for which they are designated as responsible.”
While the ISO position is still in its infancy, Dylewski said she is working with the University on enhancing protection of personal information.
“One of the most recent steps the University has taken is to issue a B-number to all students,” Dylewski said. “This B-number will replace Social Security numbers in all but a few areas which still require the actual Social Security number.”
Student employment and financial aid will still require a Social Security number, she said.
“I think the B-number is a great idea; identity theft does happen and this B-number can help protect students,” Jon Katz, a senior in the School of Management, said.
SUNY spokesman David Henahan said that the institution’s procedure follows state policy, which follows federal law practice, which is based on international practice.
“Our procedure follows sound management practice based on a growing need to pay attention to information risks,” he said. “All forms of information are at risk … including Social Security numbers.”
Henahan emphasized that SUNY's move stemmed from a growing need to protect information, from personal and faculty information to other types of data.
According to Dylewski, further resources have been developed to help students.
“An Information Security Council has been created,” she said. “This Council consists of divisional representatives, college representatives and representatives of key departments on campus.”
Dylewski explained that the Security Council was created to “provide and support a campus information security program.” She said that if there were a security incident, this body would also “review the incident and recommend strategic improvements to address the underlying root cause of the incident.”
Further incidents in which personal information could be leaked are still a concern for Dylewski.
“We are in the process of developing a training program for the campus. This training will be a combination of online and face-to-face training,” she said. “The protection of sensitive data of students, faculty and staff is of utmost importance to the University.”