Securing Social Security Numbers in Escape Online
Securing your social security number is important. Even your wallet isn't safe! For businesses, the IRS recommends that access to social security numbers be safeguarded. Escape Technology takes this seriously. After all, Escape employees have social security numbers and some of us have had issues with identity theft. We do not take this task lightly. So, in our latest release 14.03, we have created a strong hierarchy of permissions for accessing social security numbers.
Each activity that has the potential to display a social security number now checks the user's permissions before the list or form is shown. If you have access to view an SSN, then you will be able to see the full SSN. If you also have access to edit an SSN, then you will be able to edit the SSN.
If you do not have view access, you will only be able to see the SSN4 on the list, in the form and on the grid. Yes, even the grid is protected.
We have really parsed this out to ensure that users have access to ONLY those SSNs that are necessary for their job. So, credential holders have a permission separate from employees, separate from retirees, separate from vendors, etc.
Each "type" of record, be it credential or employee, has a separate user-based permission controlling access. In other words, if you do not have access to the View SSN task in the Credential Holders activity, you will not be able to see the full SSN of the credential holder anywhere in the software.
Editing an SSN
As I said above, viewing and editing are controlled separately. This is true safeguarding. Just because you can see an employee's SSN doesn't mean you should be able to change it. So, there are two tasks: View SSN and Edit SSN. If you need to be able to edit an SSN, you can use the task to edit it. If you only need to be able to view it, then you can be limited to just the View SSN task.
For even more reliability, we implemented a two-step process for entering social security numbers. When you are in the Employment Management activity, you must enter the employee's SSN twice. This will reduce errors introduced into payroll through incorrect SSNs.
Viewing an SSN
Escape users have grown to love the feature where you could roll your mouse over a banner and see the employee's full SSN. It was so convenient, but it was also too easy. So, we have removed that hover-over feature and replaced it with an Escape key: Ctrl+I. It is still convenient. And, it is still easy, but it is so much more secure. No one is going to type that key combination accidentally. It becomes a deliberate act, which is perfect. And, of course, the key combination is controlled by the user-based permissions for viewing SSNs.
There are a lot of reports that contain social security numbers, as it should be. Social security numbers are how we report earnings to government agencies. You cannot just stop giving the government what it asks for. We have worked with our customers to build a "report safeguard" on top of the user-based permissions, including some really nice rules for controlling SSNs that are embedded in reports.
Now if you do not have access to view a social security number in a form (via user-based permission), you will not be able to view it on a report. For example, if you do not have access to view the SSN of an employee, you will not be able to see the full social security number on their W2 snapshot. The same is true for vendors, retirees and dependents. If you do not have access to view the SSN in the Vendors record or the Persons record or the Benefits tab of the Employee's record, respectively, you will not be able to see the full SSN on the report, regardless of how you fill out the Full SSN (y/n) parameter.
The report rules are in place even if you didn't run the report yourself, for example when someone sent it to your My Reports activity via report distribution, or when you are viewing it in the Report Warehouse. Escape Online knows that the report contains a full SSN and displays the SSN4 if you do not have the appropriate access.
For example, if an HR Manager with access for viewing an SSN runs a Benefit report that contains the full SSN for all principals (using report distribution) and the principals do not have access for viewing the full SSN, all of the principals will get the report in their My Reports with the SSN4, not the full SSN.
However, if the report contains the full SSN and it is forwarded to a user who does not have the appropriate access, My Reports will suppress the listing of the report. In other words, the report will not show on the list at all. Using the same example as above, if the HR Manager forwarded that report to all of those principals, the report would not show up on any of their My Reports lists.
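The report rules above can be modelled in a few lines. This is an added illustration, not Escape Online's code: the class, function and task names are hypothetical, SSN4 is assumed to mean the last four digits, and the mask format and sample SSNs are constructed.

```python
from dataclasses import dataclass

def ssn4(ssn: str) -> str:
    """Masked form; assumes SSN4 means the last four digits."""
    return "XXX-XX-" + ssn[-4:]

@dataclass(frozen=True)
class User:
    name: str
    tasks: frozenset = frozenset()  # (record_type, task) pairs granted to the user

    def can(self, record_type: str, task: str) -> bool:
        return (record_type, task) in self.tasks

@dataclass(frozen=True)
class Report:
    title: str
    record_type: str   # whose SSNs it holds: "employee", "vendor", ...
    full_ssn: bool     # the Full SSN (y/n) parameter chosen at run time
    ssns: tuple

def render(report: Report, viewer: User) -> list:
    """Full SSN only if the report asked for it AND the viewer holds View SSN."""
    show_full = report.full_ssn and viewer.can(report.record_type, "view_ssn")
    return [s if show_full else ssn4(s) for s in report.ssns]

def my_reports_entry(report: Report, recipient: User, forwarded: bool):
    """What My Reports shows the recipient: rows, or None if the listing is suppressed."""
    permitted = recipient.can(report.record_type, "view_ssn")
    if forwarded and report.full_ssn and not permitted:
        return None                      # forwarded copy: not listed at all
    return render(report, recipient)     # own run, distribution, warehouse: masked per viewer

# Constructed sample data (SSNs with area number 000 are never issued).
HR = User("hr_manager", frozenset({("employee", "view_ssn"), ("employee", "edit_ssn")}))
PRINCIPAL = User("principal")
VENDOR_CLERK = User("ap_clerk", frozenset({("vendor", "view_ssn")}))
BENEFITS = Report("Benefit report", "employee", True, ("000-00-1234", "000-00-5678"))

if __name__ == "__main__":
    for user in (HR, PRINCIPAL, VENDOR_CLERK):
        print(user.name, "distributed:", my_reports_entry(BENEFITS, user, forwarded=False))
        print(user.name, "forwarded:  ", my_reports_entry(BENEFITS, user, forwarded=True))
```

The vendor clerk holds View SSN only for vendors, so the employee report is masked for that user exactly as it is for the principal.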
We believe we have devised a secure and sensible set of rules for safeguarding social security numbers. If you have questions or suggestions for improvement, please contact your Escape Customer Care representative.