[OPEN-ILS-DEV] Feature proposal: SSN-censoring functionality

Peters, Michael MRPeters at library.IN.gov
Mon Aug 27 11:51:06 EDT 2012 

Just for some perspective, Evergreen Indiana removed the SSN ident_type / label in 2011.  We gave libraries 30 days' notice to get rid of them (they were already outlawed by our policies, anyways).  We then purged our database of any entries that appeared to be SSN's and any that referred directly to the SSN label.

If you want to rip it out yourself right now, I just simply added this block of code to prevent it from being used on new or edited records during those 30 days.

In Open-ILS/web/js/ui/default/actor/user/register.js, modify the ident_type case as shown:

           case 'ident_type':
                widget.widget.isValid = function() {
                    if(this.attr("value") == 2) return false; return true;
                };
               break;

After that time, just simply run this SQL (as always, make a backup!) to get rid of them:

-- Reset any SSN's to empty strings, change to "Other" type
UPDATE actor.usr SET ident_type = 3, ident_value = '' WHERE ident_type = 2;

-- Delete the SSN identification_type (id=2) to prevent further use
DELETE FROM config.identification_type WHERE id = 2;

I imagine this could be used to build an upgrade script, as well, if the community decides to disable the SSN ident_type.  An even better script would use regex to delete anything with the "Other" type that matches the standards for SSN's.  We would, of course, need to be sure these didn't match valid driver's license numbers, or anything like that that might have been entered there.

Sincerely,
Michael Peters
Indiana State Library MIS | Inspire.IN.gov Helpdesk | Evergreen Indiana Helpdesk
office - 317.234.2128
email - mrpeters at library.in.gov


-----Original Message-----
From: open-ils-dev-bounces at list.georgialibraries.org [mailto:open-ils-dev-bounces at list.georgialibraries.org] On Behalf Of Jason Stephenson
Sent: Monday, August 27, 2012 11:33 AM
To: Open-ILS Dev
Subject: Re: [OPEN-ILS-DEV] Feature proposal: SSN-censoring functionality

Quoting Jason Stephenson <jstephenson at mvlc.org<mailto:jstephenson at mvlc.org>>:

> Stepping down from my soapbox, I see absolutely no reason for a US
> library to store a patron's SSN. A drivers' license number, perhaps,
> but not the SSN. My suggestion is to delete the field, and if
> someone needs to track such an identifier then let them figure it
> out within the bounds of their local law.

Of course, after saying the above, I realize that their isn't a SSN
field in the patron record, but the user ident_type and ident fields.
I guess the SSN label should be removed or whatever.

Frankly, it shouldn't be a technical issue. It is a policy issue to be
determined by each Evergreen user (and I use that term loosely). It's
also not unique to Evergreen.


--
Jason Stephenson
Assistant Director for Technology Services
Merrimack Valley Library Consortium
Chief Bug Wrangler, Evergreen ILS

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-dev/attachments/20120827/4defffe9/attachment.htm>

More information about the Open-ils-dev mailing list