On
Privacy Practices at Penn
February
22, 2002
Dear
Penn Staff Member:
We
are writing to address an important topic that affects all of
our lives, and the lives of the greater Penn community--that is,
privacy. As University administrators, handling a wide array of
personal information about students, faculty, staff, patients,
and others, we must be vigilant in ensuring that such information
is protected from unauthorized access, unauthorized disclosure,
and misuse.
Today,
we ask you to examine your office's information practices and
to make sure that you are responsibly maintaining and using personal
information. Special care should be taken to safeguard people's
most sensitive information, including their medical records, financial
data, and Social Security numbers. For example, when a unique
identifier is needed on forms created or processed by your office,
the form should ask for a Penn ID, and not an individual's Social
Security number, unless there is a reason dictating that the actual
number be supplied--such as tax forms, financial assistance forms,
etc. If there is such a need, then the Social Security number
should be used only for the specific purpose for which it was
intended.
Penn
is working to safeguard the privacy of information pertaining
to the individuals in our community. Our collective role in that
endeavor is critical. We are pleased to report that various administrative
offices continue to make significant progress in reducing the
visibility of SSN on a wide range of reports and forms. Notable
recent examples include the pay advice, class enrollment lists
and grade sheets. We are continuing to explore other privacy issues
affecting the University and Health System and will keep you apprised
of additional measures we identify to safeguard personal information.
As we increasingly raise awareness of privacy issues and take
concrete actions to protect personal data, we are better able
to maintain the solid trust that so many individuals in the Penn
community place in us.
If
you have questions or seek advice on privacy-related matters,
many resources are available to you. As announced in
this edition of Almanac, Penn has appointed Lauren
Steinfeld as its first Chief Privacy Officer. Ms. Steinfeld was
formerly Associate Chief Counselor for Privacy in the Clinton
White House and we're fortunate to have her here to coordinate
efforts throughout the University to protect personal privacy.
Through collaboration among the Chief Privacy Officer, the Office
of Audit and Compliance, the Office of the Provost, the Office
of General Counsel, and other resources, we will continue to ensure
that you have the necessary information to understand privacy
issues and how they relate to your organizational unit. A voicemail
box has been set up at 1-888-BEN-TIPS to receive your comments
or questions.
We
thank you for your cooperation in this effort, and look forward
to working with you in the future to build upon our accomplishments
to date in this important area.
-- Robert
Barchi, Provost
-- John A. Fry, Executive Vice President