Just for some perspective, Evergreen Indiana removed the SSN ident_type / label
in 2011. We gave libraries 30 days' notice to get rid of them (they were
already outlawed by our policies, anyways). We then purged our database of any
entries that appeared to be SSN's and any that referred directly to the SSN
label.
If you want to rip it out yourself right now, I just simply added this block of
code to prevent it from being used on new or edited records during those 30
days.
In Open-ILS/web/js/ui/default/actor/user/register.js, modify the ident_type
case as shown:
case 'ident_type':
widget.widget.isValid = function() {
if(this.attr("value") == 2) return false; return true;
};
break;
After that time, just simply run this SQL (as always, make a backup!) to get
rid of them:
-- Reset any SSN's to empty strings, change to "Other" type
UPDATE actor.usr SET ident_type = 3, ident_value = '' WHERE ident_type = 2;
-- Delete the SSN identification_type (id=2) to prevent further use
DELETE FROM config.identification_type WHERE id = 2;
I imagine this could be used to build an upgrade script, as well, if the
community decides to disable the SSN ident_type. An even better script would
use regex to delete anything with the "Other" type that matches the standards
for SSN's. We would, of course, need to be sure these didn't match valid
driver's license numbers, or anything like that that might have been entered
there.
Sincerely,
Michael Peters
Indiana State Library MIS | Inspire.IN.gov Helpdesk | Evergreen Indiana Helpdesk
office - 317.234.2128
email - [email protected]
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jason
Stephenson
Sent: Monday, August 27, 2012 11:33 AM
To: Open-ILS Dev
Subject: Re: [OPEN-ILS-DEV] Feature proposal: SSN-censoring functionality
Quoting Jason Stephenson <[email protected]<mailto:[email protected]>>:
> Stepping down from my soapbox, I see absolutely no reason for a US
> library to store a patron's SSN. A drivers' license number, perhaps,
> but not the SSN. My suggestion is to delete the field, and if
> someone needs to track such an identifier then let them figure it
> out within the bounds of their local law.
Of course, after saying the above, I realize that their isn't a SSN
field in the patron record, but the user ident_type and ident fields.
I guess the SSN label should be removed or whatever.
Frankly, it shouldn't be a technical issue. It is a policy issue to be
determined by each Evergreen user (and I use that term loosely). It's
also not unique to Evergreen.
--
Jason Stephenson
Assistant Director for Technology Services
Merrimack Valley Library Consortium
Chief Bug Wrangler, Evergreen ILS
