Thursday, April 23, 1998
The Michigan Jobs Commission today announced that they are developing a plan to remove Social Security Numbers from their popular Talent Bank resume system. The commission is also seeking a legal opinion regarding the U.S. Department of Labor's ability to mandate use of the numbers. "We never wanted and don't need Social Security Numbers on our resume system," said Doug Rothwell, CEO and Department Director of the Michigan Jobs Commission. "The reason we encouraged their use in the first place is because the U.S. Department of Labor has made it clear that they want to mandate the use of Social Security Numbers on this system. We strongly opposed that mandate and, based on our current experience, our opposition is now even stronger." An international Internet security firm hired by the Jobs Commission began work today on the Talent Bank to ensure that the system remains safe. The system has been modified twice in recent weeks to beef up security measures and guarantee users' privacy. While users were never required to use Social Security Numbers as their user ID, many did. The improved Jobs Commission system will not accept them. The international Internet security firm, International Computer Security Association, began scanning the Talent Bank's structure today. The firm will make further recommendations for improvements. "Even when the Social Security Numbers are gone, we will continue our commitment to top-notch security, so that only authorized employers are viewing people's resumes," Rothwell said. "Good security always requires good authentication of users," said Dr. Peter Tippett, President of ICSA. "The Jobs Commission is taking two big steps toward safeguarding the security and privacy of citizens' sensitive information. They are eliminating the use of social security numbers as the sole means of user authentication, and have committed to the rigorous, continuous certification and security assurance of their systems through the ICSA TruSecure process." Jobs Commission programmers have begun work on changes to the system. Once completed, users will be informed of their new user ID when they re-enter the system. They will then be given a chance to pick a new one. "Our system is secure, but when the Pentagon's computers are hacked despite the best security measures, we feel the safest path is to not have the numbers on our system," said Rothwell. "If that means we have to fight the U.S. Department of Labor's efforts in the other direction, so be it." ICSA is an independent organization that provides the world with Internet security assurance services. Established in 1989 as the National Computer Security Association (NCSA), the ICSA now has offices in North America, Europe and Asia. Visit the ICSA at www.icsa.net.