Talking with a few other here's a couple of things that may be problematic at squadrons:
1. A copy of the completed membership application (which includes social security number as well as date of birth information) is retained in a locked cabinet (but the key is not kept on the individual person but kept in a special place). It is unknown how many members know about the special place.
2. IF a member gives a check for their squadron dues a copy of the check is retained. Some units have retained two or more years of checks, even after the checks have cleared the bank and the next dues statement has been sent to the members. Copies of checks are also kept in a locked cabinet.
It would seem to me that once a membership is accept by National HQ, there is no reason at least for SSAN and DOB information to be kept at the unit and perhaps this information could just be blacked out if the unit needs to keep a copy of the membership application on file.
For squadron dues it would seem to me that a numbered receipt book would be sufficient to track payments by cash or check and the check # could just be written on the receipt as a cross reference.
What was surprising is the entire IG inspection system at wing and below seems to be like deers in the headlights regarding ensuring that this type of information is NOT kept permanently at the unit level once records have been updated at National or a local dues payments data base and that either the information is blacked out or is destroyed via appropriate shedding machine.
RM
I don't think even NHQ shoud keep DOB information on file. This single change would allow us to grow the cadet program by 15% a year!
(No cadet would ever age out . . . )
Seriously, how times have changed. It wasn't that long ago that SSNs were used as CAP serial numbers and appeared in full on every set of orders we wrote. Often hanging on the unit bulletin board.
Quote from: Ned on April 24, 2011, 10:09:59 PM
I don't think even NHQ shoud keep DOB information on file. This single change would allow us to grow the cadet program by 15% a year!
(No cadet would ever age out . . . )
Seriously, how times have changed. It wasn't that long ago that SSNs were used as CAP serial numbers and appeared in full on every set of orders we wrote. Often hanging on the unit bulletin board.
Isn't that DOB information entered into the CAP data base anyways so once the cadet or senior is accepted for membership and receives and ID card there's no reason for that information to be kept in hard copy at the unit level. ???
RM
I realize the need of keeping the DOB on file, although I have seen with most businesses that the social is shown ONLY as the last four numbers. That I can agree with, but the need to keep the entire number is ridiculous. As for the age, with certain cadet activities (such as ones requiring you to be 14+, of cadets driving to and from meetings ensuring they actually are 16), I feel this information should be kept on file. Not to mention, in the event of an emergency requiring paramedics or hospital, (I can not remember the exact formula) medications are distributed based on height, weight, sometimes age, and other factors. So yeah, it should be on file, although, not as accessible.
There's absolutely no reason to keep copies of checks. As the treasurer of an organization that handles more money than a squadron will ever see, I can tell you it's not part of our accounting procedures. We note the check number in the ledger, but that's all.
Social security numbers should be redacted; there's no need to keep them on file. Even an MSA uses just the last four numbers. DOBs are needed for verification of age, but they're readily available through eServices.
Some squadrons may still have ancient membership rosters laying around with SSNs on them that probably should be tossed or at a minimum have the SSNs blacked out if there is a need to keep them for historical purposes.
(note that the membership application still says that CAP may use it as an id number).
Quote from: EMT-83 on April 25, 2011, 01:12:41 AM
but they're readily available through eServices.
Not any more. The only thing it tells you is over or under 18.
DOB is available as part of CAPWatch text file downloads, but who can download that data, and at what level is fairly
well restricted to people with a theoretical need to know.
In eServices, all I see for DOB is "Over / under 21" for seniors, and "Over / under 18" for cadets.
To answer the thread title, no. CAP squadrons keep too much "personally identifiable information" (PII) around under poor security.
This is the reason I don't believe the automatic submission of DD-214s should be required, per the other thread. There's really no reason now to keep local files around on CAP members - info in e-Services is good enough. Once someone in authority has verified whatever document is needed, and the grade, or PME equivalence or whatever is recorded, then copies of the material should be returned to the member or destroyed.
We keep no records at the squadron. It's all online now anyway. Why copy checks? Why copy membership applications? Except for old-style cadet test sheets (not done for newer cadets), we don't do paper.
Quote from: Thrash on April 25, 2011, 02:00:19 PMWhy copy membership applications?
Because it's required by 39-2.
Couple of notes to keep in mind:
1. Last four of the SSN is just about the same as using the entire SSN. C&A for many Fed HR systems do not allow SSN (or the last four of the SSN) to be used unencrypted. The first three of the SSN are a geo code, the middle two have only 15 - 16 used combinations. There are web sites that'll help you build the entire SSN from the last four. Don't use it.
2. DOB; go into your personal data on CAP and make a "typo" on DOB. If you're an adult, make it approx. correct, but not exact.
3. My region had a breach (kloss, actually, no breach proven) and I couldn't gey squat out of management about the nature of the loss, or follow-on corrective action.
4. Pilots - WMIRS uses SSN; email them and ask to use something diffrent for your personal details. When I dropped out of active participation, they were kind enough to delete my PII on request.
5. Don't print you SSN on your checks. Heck, you can usually get them without your address. Not too much hassle unless you pay over the counter by check a lot.
S'Dog