Blog

Protecting personal information takes a united effort

Protecting one’s personal information in an increasingly digital world has required people to become more aware of what they can do to shield such details as banking information or one’s date of birth from digital thieves trying to steal our identity or money.

Organizations who receive this personal information for legitimate reasons, such as your bank, your children’s school, or your parish, also have an obligation to keep that information secure.

There are many measures which our parishes and schools are using to ensure the security of your information. For instance, St. Peter School in Jefferson City has been using biometrics technology for ten years to keep the identities of their students secure. Biometric technology has been used in schools in the United States since 1997 and is also used for cell phone passwords, in law enforcement, banks, health care, cyber security, human resources and elections.

There are three biometric scan options regularly used in the United States: fingerprint, facial recognition and retinal scans. Retinal scans require costly equipment; facial recognition is less costly and is even used on smartphones. However, the accuracy of facial recognition for growing school-aged children is not optimal. Fingerprint scans, which are already in use on many laptops, solves both the accuracy and cost concerns. None of these methods store images. Instead, the scanner converts what it sees into a unique hash tag or number. It is also not possible to reverse that unique identifier to get back to the original image.

For fingerprint biometrics technology, the scan registers several points on the fingerprint, translates that information into a series of numbers, and matches that code to the students’ record inside the school’s information system. Schools use this technology for school entry, library books, website access, and most commonly, for lunch programs. It ensures physical identification cards aren’t being lost or stolen and makes it unnecessary to print or distribute lists with personal information.

Using biometric technology is just one way our schools and parishes can assist parishioners to keep their personal information secure.

Another way we can help is to reduce the number of times students’ and parishioners’ personal information is transferred from one system to another.

For example, when I donate or buy something using my credit card, that transaction passes through several entities. Usually there’s my credit card company, the receiving bank and a transferring vendor which “talks” to both financial institutions. Furthermore, the entity receiving my money, whether it is Amazon or my parish, also needs to have some details of the transaction. Using companies which are PCI compliant is a first step for ensuring security. These companies adhere to the Payment Card Industry Data Security Standard (PCI DSS) and undergo annual, independent auditing. They can assist nonprofits in ensuring they receive transaction information from individuals in a secure, encrypted manner.

But that’s just one step. The Diocese is also recommending parishes and schools consider using two of the largest software providers for private schools and for nonprofits: FACTS for our school information systems and Blackbaud for parish information systems.

There are many reasons why the Diocese is making this recommendation, but in relation to parishioner data security, both are leading providers in their areas of expertise. As a result, they have a significant investment in ensuring their systems adhere, and sometimes exceed, the standards set by both the industry and the government. Their commitment to meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA) is one example. Both FACTS and Blackbaud are audited annually against the Statement of Standards for Attestation Engagement (SSAE).

There is another benefit, security-wise, for our parishes and schools to use Blackbaud and FACTS: it will reduce the number of companies assisting us in exchanging information.

For instance, with one school information system being used across our diocese, the superintendent’s office can run reports required by accreditation agencies without our schools having to provide this information via email or postal mail.

The chance of outsiders being able to intercept this information, whether digital or paper, is reduced by giving authorized personnel access to a database which is maintained by the highest security standards available. No need for Microsoft, Google, Yahoo or any other email provider to be intermediaries.

Both FACTS and Blackbaud offer “turn-key” solutions: their products can serve the many needs of a school, a school system, a parish, and a diocese. Most importantly, these companies are assisting diocesan personnel in keeping our promise to work with parishioners and school families in guarding against identity theft and other unacceptable uses of personal information.