Social Security Number Policy (VII.B.7)
Volume VII: Information Technology
Chapter B: Security
Issuing Office: OVPIT
Responsible Officer: VPIT
Responsible Office: OVPIT
Originally Issued: August 4, 2004
Revised: November 18, 2011
TABLE OF CONTENTS
Purdue University is dedicated to ensuring the privacy and proper handling of Social Security Numbers (SSNs) of its students, employees, and individuals associated with the University. The primary purpose of this Social Security Number policy is to ensure that the necessary procedures and awareness exist so that University employees and students comply with both the letter and the spirit of FERPA and Indiana Code Title 4 Article 1 Chapter 8 -- State Requests for Social Security Numbers, as amended from time to time. SSNs have been used in University systems to uniquely identify students and employees and to permit students and employees to gain access their own confidential information in University systems. As systems are updated and replaced, the reliance on SSNs will be reduced, as more fully explained in this policy.
This policy is guided by the following objectives:
- Broad awareness of the confidential nature of the SSN
- Reduced reliance upon the SSN for identification purposes
- Increased emphasis on secure use, transmission, and storage of the SSN throughout the Purdue systems
- A consistent policy toward and treatment of SSNs throughout the University
- Increased confidence by students and employees that SSNs are handled in a confidential manner.
It is Purdue University's intent to protect the SSN of its students, staff, and faculty to minimize the growing risks of identity theft.
Accordingly, the SSN may not be used as a common identifier or used as a database key in any electronic information system. The SSN may be collected and used when necessary for employment records, financial aid records, and a limited number of other business and governmental transactions, as required by law.
Purdue University will assign a Purdue University Identifier (PUID) and other credentials, like a password or a digital certificate, to an individual upon initial association with the University for identification and authentication, in order to eliminate the use of the SSN wherever possible.
The following are Purdue University policy regulations that apply to all campuses within the Purdue system:
- All new systems purchased or developed by Purdue will not use SSN as identifiers except where such use is specifically permitted or required under this policy. Such systems should not visually display the SSN on any system output, including monitors and printed forms, unless required by law or required by Purdue University as needed in execution of its duties.
- Each individual associated with Purdue will be assigned a PUID that is not the same as, or based upon, the individual's SSN or other unique demographic information.
- No new system or technology, where the SSN is a consideration, will be developed or purchased by Purdue unless it is compliant with this policy or approved by the assigned SSN Administrator as an exception.
- All University forms and documents that collect SSNs will use the appropriate language to indicate whether request is voluntary or mandatory.
- In accordance with Indiana Code Title 4 Article 1 Chapter 8, or any successor legislation thereto, unless the University is legally required to collect an SSN, individuals will not be required to provide their SSNs verbally or in writing at any Point of Service, nor will they be denied access to those services should they refuse to provide an SSN. However, individuals may volunteer their SSNs if they wish as an alternate means of locating a record.
The assigned SSN Administrator for each campus will be responsible for the development of an implementation plan to monitor compliance with this policy.
An employee, student, volunteer, representative, contractor, or any other agent of Purdue University who has substantially breached the confidentiality of SSNs may be subject to disciplinary action or sanctions up to and including discharge or dismissal, in accordance with University policy and procedures.
For new and existing business needs unable to comply with these policy requirements, the Request for Security Exception Form must be approved by the IT Networks and Security organization at Purdue, the assigned campus SSN Administrator, and the System-Wide Coordinating Officer.
Each campus will assign an administrator the responsibility of overseeing SSN usage on his or her campus. These administrators control the SSN, and their prior written approval will be required to use the SSN in any new electronic system, or to use the SSN in any modifications to an existing system. Each campus is free to choose an SSN Administrator who best fits its individual administrative model. The assigned SSN Administrator will maintain the list of approved exceptions for his or her campus.
The Provost or Executive Vice President and Treasurer will appoint the System-Wide Coordinating Officer for system-wide issues. The System-Wide Coordinating Officer shall have the ultimate responsibility and authority over decisions and the application of this policy for all Purdue Campuses.
A University-wide PUID will be assigned to all students, employees, alumni, and other associated individuals, such as contractors or consultants. This PUID will be assigned at the earliest possible point of contact between the individual and the University. Except as permitted herein, the PUID will be used in all future electronic and paper data systems to identify, track, and service individuals associated with the University. The PUID will be permanently and uniquely associated with the individual to whom it is originally assigned.
The PUID will be considered the property of Purdue University, and its use and governance shall be at the discretion of the University, within the parameters of the law.
The PUID will be a component of a system that provides a mechanism for both the identification of individuals and a method of authentication. Except as specifically provided herein, all services rendered by Purdue University and electronic business systems will rely on the identification and authentication process provided by this same system.
Grades and other pieces of personal information will not be publicly posted or displayed in a manner where either the complete PUID or SSN, or partial PUID or SSN, are used to identify an individual.
In all new systems, SSNs will be transmitted electronically only through encrypted mechanisms.
Paper and electronic documents containing SSNs will be disposed of in a Secure Fashion in accordance with data-handling requirements, as defined by the administrative data owners.
SSNs will be released by the University to external entities only:
- As allowed or required by law; OR
- When permission is granted by the individual; OR
- When the external entity is acting as the University's contractor or agent and adequate security measures and agreements are in place to prevent unauthorized dissemination to third parties.
The SSN may continue to be collected and stored as a confidential attribute associated with an individual. The SSN will be used as:
- Required by law;
- A method to identify individuals for whom a PUID has not been created and not used for other internal processes; and
- A means to uniquely identify an individual for PUID assignment.
Phased Compliance Strategy:
Purdue University will adopt a Phased Compliance Strategy for its existing systems. All Schools, Departments, Divisions, and Business Units are strongly encouraged to complete the required system and process modifications to comply with this policy as soon as reasonably possible. Given the scope of process, system, and data changes required, a comprehensive compliance plan will be developed by each campus SSN Administrator.
|SSN Administrator(s)||Implementation of this policy statement and approval of SSN policy exceptions|
|All Purdue Stakeholders||Compliance with this policy statement|
|FERPA||Family Educational Rights and Privacy Act, as amended from time to time.|
|Phased Compliance Strategy||A strategy that attempts to define a multi-tiered approach to achieving compliance.|
|Point of Service||A physical or electronic interaction between the University and its employees, students, or other individuals, during which the University provides physical, educational, informational, or electronic services to the individual.|
|PUID||Purdue University Identifier assigned to an individual upon initial association with the University. Used for identification in electronic systems.|
|Secure Fashion||In the context of the destruction of paper and electronic documents, this refers to a method that defeats both casual and deliberate attempts at theft -- e.g., the shredding of documents containing Social Security Numbers and the use of ??confidential' recycling bins. For electronic documents, this refers to explicit deletion or storage on a device protected by a password-based security system using encryption.|
|SSN||Social Security Number|
|SSN Administrator||The administrator on each campus who is assigned the responsibility of overseeing SSN usage on his or her campus.|
|System-Wide Coordinating Officer||The individual appointed by the Provost or Executive Vice President to act as the coordinating officer for system-wide SSN issues.|
In support of this policy, the following forms are included:
| || |
The following documents provide further information related to FERPA and the Privacy Act of 1974:
The following document provides information on Indiana Code Title 4 Article 1 Chapter 8 -- State Requests for Social Security Numbers:
The following documents provide information on the security requirements for handling information developed by the appointed administrative data owners:
|Campus SSN Administrator (each campus)|
|IT Security and Policy Organization||(765) firstname.lastname@example.org|
November 18, 2011: Policy number changed to VII.B.7 (formerly V.5.1).
October 7, 2010: Updated hyperlink addresses.
January 28, 2010: Updated name of form and hyperlink to it.
December 14, 2007: Updated hyperlinks and contacts.
August 4, 2004: Supersedes Requesting Social Security Numbers for Educational, Employment, and Other Record-Keeping Purposes (Executive Memorandum No. B-54).