CalMail and secure info

Thread: CalMail and secure info

Search this list only Search all lists
CalMail and secure info
	2006-05-27 18:10:21

F.Y.I. Yes, my office is following up on this. -K.E. Begin forwarded message: From: Bernie Rossi <berkeley.edu">rossiberkeley.edu> Date: May 26, 2006 2:05:12 PM PDT To: Michael Rimar <berkeley.edu">mrmrberkeley.edu>, uclink.berkeley.edu">micronet-listuclink.berkeley.edu, lists.berkeley.edu">magnet-listlists.berkeley.edu, berkeley.edu">consultberkeley.edu Cc: berkeley.edu">hrwebberkeley.edu, uclink.berkeley.edu">camillenuclink.berkeley.edu, uclin4.berkeley.edu">terricuclin4.berkeley.edu Subject: [Micronet] Re: [MAGNet] CalMail and secure info Hi Michael, There are two aspects to this question, the technical and the policy. As for the technical side, if the message is sent from CalMail to CalMail, then the transport would be secure. Once on CalMail, it is stored in plain text, which if hacked could be vulnerable. This is true with any email system. As far as I can see, they are not using any encryption on these messages. If the message is sent from outside CalMail, then it is subject to the vagrancies of the network and anything could happen prior to it getting to us. Then, of course, as Aron just reminded me, if the person sending the message is keeping copies of their outgoing mail, there is the issue of the social security number being stored on their computer. As for the policy side, that is for the IT Policy Office to respond to. I have forwarded your message to them, they will respond accordingly. Thanks, Bernie Rossi CalMail Consulting At 1:34 PM -0700 5/26/06, Michael Rimar wrote: Hello I was surprised to see this suggestion on the HR website: 1. When hiring an employee who claims to have already cleared a campus criminal background check, how can departments accurately verify a previous fingerprint session? 2. To find out if an individual has already had a criminal background check, departments can send the UC Police Department the full name, date of birth, and social security number of the individual in question to: uclink.berkeley.edu">camillenuclink.berkeley.edu or uclin4.berkeley.edu">terricuclin4.berkeley.edu I've always followed the proscription against emailing such info. Is Calmail's use of secured connections sufficient to make this not an issue? Thanks, Michael ------------------------------ Michael Rimar Administrative Assistant UC Botanical Garden 200 Centennial Drive #5045 Berkeley, CA 94720-5045 510-642-0849 fax 510-642-3012 http://botanicalgarden.berkeley.edu
CalMail and secure info
	2006-05-30 20:02:46

Thanks to Michael for noticing this and questioning it. Cheers, Patrick At 11:10 AM 5/27/2006, Karen Eft wrote: F.Y.I. Yes, my office is following up on this. -K.E. Begin forwarded message: From: Bernie Rossi <berkeley.edu">rossiberkeley.edu> Date: May 26, 2006 2:05:12 PM PDT To: Michael Rimar <berkeley.edu">mrmrberkeley.edu>, uclink.berkeley.edu"> micronet-listuclink.berkeley.edu, lists.berkeley.edu"> magnet-listlists.berkeley.edu, berkeley.edu">consultberkeley.edu Cc: berkeley.edu">hrwebberkeley.edu, uclink.berkeley.edu"> camillenuclink.berkeley.edu, uclin4.berkeley.edu">terricuclin4.berkeley.edu Subject: [Micronet] Re: [MAGNet] CalMail and secure info Hi Michael, There are two aspects to this question, the technical and the policy. As for the technical side, if the message is sent from CalMail to CalMail, then the transport would be secure.  Once on CalMail, it is stored in plain text, which if hacked could be vulnerable. This is true with any email system.  As far as I can see, they are not using any encryption on these messages. If the message is sent from outside CalMail, then it is subject to the vagrancies of the network and anything could happen prior to it getting to us. Then, of course, as Aron just reminded me, if the person sending the message is keeping copies of their outgoing mail, there is the issue of the social security number being stored on their computer. As for the policy side, that is for the IT Policy Office to respond to. I have forwarded your message to them, they will respond accordingly. Thanks, Bernie Rossi CalMail Consulting At 1:34 PM -0700 5/26/06, Michael Rimar wrote: Hello I was surprised to see this suggestion on the HR website: 1.          When hiring an employee who claims to have already cleared a campus criminal background check, how can departments accurately verify a previous fingerprint session? 2.          To find out if an individual has already had a criminal background check, departments can send the UC Police Department the full name, date of birth, and social security number of the individual in question to: uclink.berkeley.edu"> camillenuclink.berkeley.edu or uclin4.berkeley.edu">terricuclin4.berkeley.edu I've always followed the proscription against emailing such info. Is Calmail's use of secured connections sufficient to make this not an issue? Thanks, Michael ------------------------------ Michael Rimar Administrative Assistant UC Botanical Garden 200 Centennial Drive #5045 Berkeley, CA 94720-5045 510-642-0849 fax 510-642-3012 http://botanicalgarden.berkeley.edu

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )