Re: Fwd: Re: [MAGNet] CalMail and secure info

fyi, this has now been changed on the HRweb FAQ to making a phone
call instead of using email, and I've requested a scan of any user
mailboxes at the Police Department where this data may have been
sent. HR administrators across campus will also be notified about
this, and requested to delete any copies of email they have ever sent
to anyone for any purpose with this data in it.

Thanks to Michael for noticing this and questioning it.

Cheers,
Patrick

At 11:10 AM 5/27/2006, Karen Eft wrote:
>F.Y.I.
>Yes, my office is following up on this.
>-K.E.
>
>Begin forwarded message:
>
>>From: Bernie Rossi <<mailto:rossi@berkeley.edu>rossi@berkeley.edu>
>>Date: May 26, 2006 2:05:12 PM PDT
>>To: Michael Rimar <<mailto:mrmr@berkeley.edu>mrmr@berkeley.edu>,
>><mailto:micronet-list@uclink.berkeley.edu>micronet-list@uclink.berkeley.edu,
>><mailto:magnet-list@lists.berkeley.edu>magnet-list@lists.berkeley.edu,
>><mailto:consult@berkeley.edu>consult@berkeley.edu
>>Cc: <mailto:hrweb@berkeley.edu>hrweb@berkeley.edu,
>><mailto:camillen@uclink.berkeley.edu>camillen@uclink.berkeley.edu,
>><mailto:terric@uclin4.berkeley.edu>terric@uclin4.berkeley.edu
>>Subject: [Micronet] Re: [MAGNet] CalMail and secure info
>>
>>Hi Michael,
>>
>>There are two aspects to this question, the technical and the policy.
>>
>>As for the technical side, if the message is sent from CalMail to
>>CalMail, then the transport would be secure. Once on CalMail, it
>>is stored in plain text, which if hacked could be vulnerable. This
>>is true with any email system. As far as I can see, they are not
>>using any encryption on these messages.
>>
>>If the message is sent from outside CalMail, then it is subject to
>>the vagrancies of the network and anything could happen prior to it
>>getting to us.
>>
>>Then, of course, as Aron just reminded me, if the person sending
>>the message is keeping copies of their outgoing mail, there is the
>>issue of the social security number being stored on their computer.
>>
>>As for the policy side, that is for the IT Policy Office to respond
>>to. I have forwarded your message to them, they will respond accordingly.
>>
>>Thanks,
>>
>>Bernie Rossi
>>CalMail Consulting
>>
>>
>>At 1:34 PM -0700 5/26/06, Michael Rimar wrote:
>>>Hello
>>>
>>>I was surprised to see this suggestion on the HR website:
>>>1. When hiring an employee who claims to have already
>>>cleared a campus criminal background check, how can departments
>>>accurately verify a previous fingerprint session?
>>>
>>>2. To find out if an individual has already had a
>>>criminal background check, departments can send the UC Police
>>>Department the full name, date of birth, and social security
>>>number of the individual in question to:
>>><mailto:camillen@uclink.berkeley.edu>camillen@uclink.berkeley.edu
>>>or <mailto:terric@uclin4.berkeley.edu>terric@uclin4.berkeley.edu
>>>
>>>I've always followed the proscription against emailing such
>>>info. Is Calmail's use of secured connections sufficient to make
>>>this not an issue?
>>>
>>>Thanks, Michael
>>>------------------------------
>>>Michael Rimar
>>>Administrative Assistant
>>>UC Botanical Garden
>>>200 Centennial Drive #5045
>>>Berkeley, CA 94720-5045
>>>510-642-0849
>>>fax 510-642-3012
>>> <http://botanicalgarden.berkeley.edu>http://botanicalgarden.berkeley.edu
>>

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Tue May 30 13:07:27 2006