Comment 4 for bug 1566016

Rogan Hamby (rogan-hamby) wrote : Re: [Bug 1566016] Re: remove SSN as a stock patron ident type

Hi Sam,

The bug is really more for the stock install than for existing systems.
Galen's patch will fix that. (I can test it and sign off if we need a sign
off, it's a straightforward patch.) But, if PINES or another library has
it as an existing type that would have to be addressed in an upgrade
script, along with what to do with the values in there. That wouldn't be
difficult but I don't know if we want to go that road with existing data in
systems.

If a library wants to remove the SSN option and wipe that data from an
existing db, though, that's a very simple bit of SQL to do.

On Wed, May 25, 2016 at 2:03 PM, Sam Link <email address hidden>
wrote:

> I'm going to mark this as confirmed, since it is definite that patron
> SSNs are stored if provided as identification. The default in PINES is
> Driver's License, but SSN is still provided as an option, and SSNs still
> exist in the system.
>
> ** Changed in: evergreen/2.9
> Status: New => Confirmed
>
> https://bugs.launchpad.net/bugs/1566016
>
> Title:
> remove SSN as a stock patron ident type
>
> Status in Evergreen:
> New
> Status in Evergreen 2.9 series:
> Confirmed
>
> Bug description:
> It is not recommended that U.S. libraries collect and store Social
> Security numbers (SSNs), as an attacker who successfully compromises a
> library's patron database that contains SSNs would have access to
> enough data to perform identity theft. Consequently, the seed data
> should be updated to remove the SSN as a stock patron ident type.
>
> Evergreen master