Since that disclosure over 11,000 hours of effort have been directed at examining, eliminating, or encrypting regular transfers of sensitive personal information, with the result being a 93% reduction in the routine transfer of such files. Additionally, where such transfers are required for business or regulatory purposes, the sensitive personal information is encrypted so as to reduce the risk of inadvertent disclosure should the file be lost or intercepted.
For my organization, completing this work was a mammoth effort that required us to turn the strategic direction of our application development teams on a dime so that they could focus on this project and complete this necessary work. For CIOs and IT organizations trying to get their hands around big projects that sometimes lack momentum, here’s what worked for us.
- Depend on your best and brightest. The project succeeded because it was led by the right team of individuals who, possessing the right competencies, were ready to take on a project of this magnitude. I’ve yet to be let down when handing off our biggest challenges to our best and brightest employees.
- Clear their plate of all other responsibilities, there must be no distractions. Big projects require focus, so when assigning your team a big project you must clear their plate of all other responsibilities. Otherwise, the priority work really isn’t a priority.
- Support from those outside IT is critical. In the case of our remediation efforts, the tradeoff for prioritizing this work was less attention for regular, routine requests for application support. Having support from our University leadership and administrative departments for this shift in resources was critical.
Last year I wrote a piece for EDUCAUSE Quarterly called "Outsource the Transactional, Keep the Transformative" where I argued that we need to keep strategic activities in-sourced and that more transactional IT support activities are stronger candidates for outsourcing. I think that many times we get this backwards, particularly when we hire expensive teams of consultants to tell us what to do about complex problems we don't fully understand. Our approach to UGA's SSN remediation efforts mirror what I believe is the right approach. The thought leadership about what we should do, how we should do it, and when was accomplished by our management team in EITS, led by Jenna King. When we needed more help with the more transactional parts of the project, specifically the editing of mainframe programs and JCL's, we turned to a third-party IT services firm for additional support. This is what "Outsource the Transactional, Keep the Transformative" looks like in reality. In my fifteen years in this business, I have never been more proud of the work of a group of individuals.