Actions You Should Take to Protect Student and Employee SSNs

Since the Social Security Number has historically been used as id numbers for students, faculty and staff, there still are many departmental databases, systems and reports that use SSN. Below are procedures that you should adopt as soon as possible to protect the confidentiality of SSNs:

• Do not ask for or collect SSNs on any departmental forms unless explicitly authorized by Human Resources (for employees) or Enrollment Services (for students). Please review and modify your forms as necessary.
• Use CWID (for students) and V-number (for employees) as identification numbers.
• Remove SSN from any departmental databases or systems unless explicitly approved by Human Resources or Enrollment Services.
• Do not provide SSNs to other University departments or outside organizations unless explicitly approved by Human Resources or Enrollment Services.
• Do not require the use of SSN (or portions of SSN) as the sole method to log into on-line applications.
• Remove SSN from any listings or reports of students or employees.
• Minimize the storage of files and documents containing personal information on desktop and laptop computers. Instead, store these records on central files servers that are properly secured and maintained. Where storage of personal information on desktop or laptop computers is absolutely necessary, use encryption software to protect unauthorized access to these files. Consult your computer support staff for assistance in implementing these requirements.
• Do not store files or documents with personal information of students, faculty, or staff on home or personal desktop and laptop computers.