Re: [MAGNet] CalMail and secure info

From: Bernie Rossi <rossi_at_berkeley.edu>
Date: Fri May 26 2006 - 14:05:12 PDT

Hi Michael,

There are two aspects to this question, the technical and the policy.

As for the technical side, if the message is sent from CalMail to
CalMail, then the transport would be secure. Once on CalMail, it is
stored in plain text, which if hacked could be vulnerable. This is
true with any email system. As far as I can see, they are not using
any encryption on these messages.

If the message is sent from outside CalMail, then it is subject to
the vagrancies of the network and anything could happen prior to it
getting to us.

Then, of course, as Aron just reminded me, if the person sending the
message is keeping copies of their outgoing mail, there is the issue
of the social security number being stored on their computer.

As for the policy side, that is for the IT Policy Office to respond
to. I have forwarded your message to them, they will respond
accordingly.

Thanks,

Bernie Rossi
CalMail Consulting

At 1:34 PM -0700 5/26/06, Michael Rimar wrote:
>Hello
>
>I was surprised to see this suggestion on the HR website:
>
>1. When hiring an employee who claims to have already cleared a
>campus criminal background check, how can departments accurately
>verify a previous fingerprint session?
>2. To find out if an individual has already had a criminal
>background check, departments can send the UC Police Department the
>full name, date of birth, and social security number of the
>individual in question to: camillen@uclink.berkeley.edu or
>terric@uclin4.berkeley.edu
>
>I've always followed the proscription against emailing such info.
>Is Calmail's use of secured connections sufficient to make this not
>an issue?
>
>Thanks, Michael
>
>------------------------------
>Michael Rimar
>Administrative Assistant
>UC Botanical Garden
>200 Centennial Drive #5045
>Berkeley, CA 94720-5045
>510-642-0849
>fax 510-642-3012
> http://botanicalgarden.berkeley.edu

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Fri May 26 14:09:43 2006

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 14:09:43 PDT