Friday Feature - Securing Social Security Numbers

If you are a regular reader of Friday Features (I hope you are!), then you know how seriously I take matters of privacy and security. I am not alone in my vigilance.  It is part of Escape's company culture. 

Escape Technology recognizes and respects everyone’s need for privacy. Therefore, we have secured the access to social security numbers. System managers have the means to explicitly control the ability to view and/or edit a social security number, user by user, activity by activity (i.e., Vendors, Independent Contractors, Vendor 1099).

To facilitate this control, we designed two tasks: View SSN and Edit SSN, each with its own set of permissions. So, if you want Celeste to be able to view SSNs in Vendor records, you can give Celeste access to the View SSN record for the Vendors activity. If you want Michael to have access to View and Edit SSNs for employees, you can give Michael access to both tasks for the Employee Management activity.

In this scenario, Celeste cannot edit a vendor SSN, nor see or edit any SSN from any other activity. The same is true for Michael. He can add and or edit an employee's SSN, but not a vendor's.

Over the next few Friday Features, we will discuss this in depth, talking about masking (only seeing the last four of an SSN), defining permission, using Escape keys (quick access to pop-up dialogs that show the SSN), applying SSN permissions to reports and more.

Leslie BaileyComment