They're grandfathered in I believe. Besides which, Medicare is a Federal program, not a state program.
In OP's case, I still think the below apply because the SSNs are being specifically used as employee identifiers and/or primary identifiers. I know that we've had to switch all of our payroll and timekeeping records here (as have most other large Universities in CA) away from SSN as a primary identifier.

On 2/26/08 8:01 AM, "David Mazzaccaro" <[EMAIL PROTECTED]> wrote:

> What about Medicare?
> IIRC, they use your SSN as your Medicare number now there's the government for ya!
>
> From: Salvador Manzo [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 25, 2008 2:31 PM
> To: NT System Admin Issues
> Subject: Re: Handling of confidential files
>
> 1. It's an SB1386 best practice.
> 2. Read http://www.oispp.ca.gov/consumer_privacy/pdf/ssnrecommendations.pdf for practical details on California Civil Code 1798.85, restricting use on printed materials, as well as California Labor Code Section 226, restricting use of the SSN as an employee identifier.
>>> On 2/25/08 10:53 AM, "Joe Heaton" <[EMAIL PROTECTED]> wrote:
>>> Salvador,
>>>
>>> Don't know that it's being used as an identifier, or simply in the document. But, do you have a reference for your statement? I'm new to state service, so I'd be very interested in seeing that. Would give me something to use as ammunition for getting the SSN out of the document altogether...
>>>
>>> Joe Heaton
>>>
>>> From: Salvador Manzo [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>> Sent: Monday, February 25, 2008 10:07 AM
>>> To: NT System Admin Issues
>>> Subject: Re: Handling of confidential files
>>>
>>> Considering government agencies aren't even supposed to use SSN as an identifier in the state of CA...
>>>
>>> On 2/23/08 3:53 PM, "Don Ely" <[EMAIL PROTECTED]> wrote:
>>> Sounds like it's time for an anonymous tip to the state....
>>>
>>> On Sat, Feb 23, 2008 at 8:58 AM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>>
>>> I agree with everything you've said Martin, but you forget who I work for.
>>> I work for the state, which means that I use whatever "tool" they choose, including this homegrown, insecure spreadsheet. I'm just trying to put as much security on it as I can, and I think that in my limited ability to make change, the drop folder is going to be the way to go. As I mentioned in my original post, the timesheets are not just an internal thing. They are sent to another state agency to actually get the paychecks processed and printed, so using a 3rd party application doesn't work, one because it's not "what the state uses", and two, because the other agency would have to accept it, and be able to work with it. Believe me, I'm not defending how things are done, I'm simply a pained cog in the works...
>>>
>>> Joe Heaton
>>>
>>> -----Original Message-----
>>> From: Martin Blackstone [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>> Sent: Saturday, February 23, 2008 8:40 AM
>>> To: NT System Admin Issues
>>> Subject: RE: Handling of confidential files
>>>
>>> Frankly the whole process is lame and wrought with danger.
>>> First off, there is zero acceptable reason for having to put the SSN in the spreadsheet at all.
>>> HR and payroll processing should already have that data and hopefully in a secure location or a secure DB. Any even halfway decent payroll application should have all pertinent employee data required to process payment already in place. Any employee should and could rightfully decline to put that information in an email.
>>> As for the JPG signatures, once again, lazy and inappropriate. I don't want my signature flying all over the email space going who knows where. An email saying "I approve" is as likely to stand up in any court just as easily as a jpg signature. Considering the route the signature takes and the people having access to it, One could argue that someone just stole the file and forged my timesheet.
>>> Here is a scenario.
>>> I give you my manager my timesheet with my jpg sig. You then change my timesheet (deducting hours) and pass it on. What good is that signature now? Sure, it has my name on it, but you changed it and nobody can really prove it. Of course the file will show it was changed, but it would have shown that anyway since you put your signature in it.
>>>
>>> No offense intended Joe, but this whole process is nothing but dangerous and ineffective. Dangerous to staff and the business as well and has left you open to substantial risk (see Salvador's comment regarding CA laws).
>>>
>>> There are dozens if not hundreds of available online timesheet applications. I'll bet even some open source ones that could be used to process the whole thing. It would not most likely be more secure, but more effective, save time, and give you great records keeping. This isn't reinventing the wheel.
>>>
>>> -----Original Message-----
>>> From: Tim Evans [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>> Sent: Saturday, February 23, 2008 8:10 AM
>>> To: NT System Admin Issues
>>> Subject: RE: Handling of confidential files
>>>
>>> Actually, the newer versions of Excel (2003 & 2007) have pretty good encryption routines for the spreadsheet itself. VBA protection sucks. Of course, you have to choose a good password for it to do any good.
>>>
>>> ...Tim
>>>
>>>> > -----Original Message-----
>>>> > From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>>> > Sent: Friday, February 22, 2008 5:10 PM
>>>> > To: NT System Admin Issues
>>>> > Subject: Re: Handling of confidential files
>>>> >
>>>> > Ss# and email = ss# getting owned.
>>>> > Password protected .xls is like wep on wireless. It's only going to stop casual snoop. My boss had me break a .xls password last week.
>>>> > Took less than 30 seconds to break.
>>>> >
>>>> > Matt
>>>> >
>>>> > On 2/22/08, Durf <[EMAIL PROTECTED]> wrote:
>>>>> > > You want a "drop" folder:
>>>>> > >
>>>>> > > http://technet2.microsoft.com/windowsserver/en/library/86987829-3f74-412f-abb8-c8b22b07257d1033.mspx?mfr=true
>>>>> > >
>>>>> > > -- Durf
>>>>> > >
>>>>> > > On Fri, Feb 22, 2008 at 3:21 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>>>> > >
>>>>>> > > > I need some alternatives to a specific process. The process in question is timesheets. Our timesheets are Excel spreadsheets, which are processed as follows:
>>>>>> > > >
>>>>>> > > > 1) All timesheets are located in the user's home folder. At the end of the month, the user goes in, updates for the current month, copies a .jpg of their signature onto the current month's sheet, and forwards the timesheet to their manager via e-mail attachment.
>>>>>> > > > 2) The manager opens the timesheets for their employees, verifies it, and copies a .jpg of their signature onto the current month's sheet, and forwards the timesheets to a specific admin employee, via e-mail attachments.
>>>>>> > > > 3) The admin employee takes the attachments, and copies them into a folder on a server, from which the timesheets are then "processed" and sent to another agency, to be further processed for paycheck issuance.
>>>>>> > > >
>>>>>> > > > My question to my boss, is why can't we just have the managers move the timesheets for their employees into the folder on the server, instead of e-mailing them a second time. In fact, we could have all processing done within that folder to begin with, without having to e-mail the files anywhere.
>>>>>> > > >
>>>>>> > > > The issue that comes up, is how to prevent someone from another department from opening someone else's timesheet. The big concern there is that the timesheets not only contain .jpgs of people's signatures, but also contain SSNs.
>>>>>> > > >
>>>>>> > > > My thought is to set permissions on the folder so that people can place files there, but not be able to open them once they are there. Is that possible with NTFS rights? I will do research on it, but I'm hoping that someone has already run into this type of issue and has an answer already.
>>>>>> > > >
>>>>>> > > > Thanks,
>>>>>> > > >
>>>>>> > > > Joe Heaton
>>>>>> > > > AISA
>>>>>> > > > Employment Training Panel
>>>>>> > > > 1100 J Street, 4th Floor
>>>>>> > > > Sacramento, CA 95814
>>>>>> > > > (916) 327-5276
>>>>>> > > > [EMAIL PROTECTED]
>>>>> > >
>>>>> > > --
>>>>> > > --------------
>>>>> > > Give a man a fish, and he'll eat for a day.
>>>>> > > Give a fish a man, and he'll eat for weeks!
>>>>> > >
>>>>> > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
>>>>> > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
>>>> >
>>>> > --
>>>> > Sent from Gmail for mobile | mobile.google.com <http://mobile.google.com/>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.516 / Virus Database: 269.20.9/1294 - Release Date: 2/22/2008 6:39 PM
>>>
>>> ---
>>> Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ]
>>> Auxiliary Services IT, Datacenter
>>> University of Southern California
>>> 818-612-5112
>>> In matters of style, swim with the current; in matters of principle, stand like a rock.
>>> Thomas Jefferson
>>>
>>> -----
>>> Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ]
>>> Auxiliary Services IT, Datacenter
>>> University of Southern California
>>> 818-612-5112
>>> An avidity to punish is always dangerous to liberty. It leads men to stretch, to misinterpret, and to misapply even the best of laws. He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself.
>>> Thomas Paine, "Dissertation on First Principles of Government"
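
The drop-folder permissions asked about in the original post (people can place files but not open them afterwards), sketched as an added PowerShell example that is not from any poster in the thread. The path, the two group names and the use of the OWNER RIGHTS SID (available on Windows Vista / Server 2008 and later) are assumptions.

```powershell
# Added example; the path and group names are placeholders, not from the thread.
$DropPath   = 'D:\Timesheets\Drop'
$Submitters = 'EXAMPLE\Timesheet-Submitters'   # everyone who hands in a timesheet
$Processors = 'EXAMPLE\Timesheet-Processors'   # admin staff who process them

# Build one Allow entry; rights and flags are given as enum names.
function New-Ace($Identity, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}
function Get-Sid([string]$Value) {
    New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $Value
}

New-Item -ItemType Directory -Path $DropPath -Force | Out-Null

# Start from an empty ACL and stop inheriting from the parent folder,
# so nothing granted higher up the tree leaks into the drop folder.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)

$all  = 'ContainerInherit, ObjectInherit'      # this folder, subfolders and files
$aces = @(
    (New-Ace (Get-Sid 'S-1-5-32-544') 'FullControl' $all 'None'),   # BUILTIN\Administrators
    (New-Ace (Get-Sid 'S-1-5-18')     'FullControl' $all 'None'),   # SYSTEM
    (New-Ace $Processors 'Modify' $all 'None'),
    # This folder only: may add a file, but cannot list the folder
    # or reopen anything in it once the copy has finished.
    (New-Ace $Submitters 'CreateFiles, Traverse' 'None' 'None'),
    # Files only: the submitter still owns the file they dropped, and an
    # owner can normally rewrite its permissions. An OWNER RIGHTS entry
    # replaces that implicit grant with read-permissions only.
    (New-Ace (Get-Sid 'S-1-3-4') 'ReadPermissions' 'ObjectInherit' 'InheritOnly')
)
foreach ($ace in $aces) { $acl.AddAccessRule($ace) }
Set-Acl -Path $DropPath -AclObject $acl

# Show the resulting entries so the ACL can be reviewed.
(Get-Acl -Path $DropPath).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```

Run it from an elevated prompt and test a drop with a non-privileged account before relying on it. The ACL only limits who can read files at rest in the folder; it does nothing for copies that still travel as e-mail attachments.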
