|[X] Close Window|
Frequently Asked Questions
A new FAQ posted 03/25/09 on the relationship between records retention and disposal requirements and SSN remedation.
General QuestionsWhy do we need to worry about protecting Social Security numbers?
As the SSN has grown in prevalence as a unique identifier it has become possible not only to discover a great deal of information about an individual, but also to initiate important business transactions using a person's SSN.What steps is the University planning to take to address SSN use?
Remediation requirements for business processes and computer systems on grounds are being developed and work is currently underway to implement them.What will be used in place of the SSN?
The University ID number will replace the SSN as the primary means of identifying individuals.Does this mean that I don't ever have to give the University my Social Security number?
Although we are working hard to minimize the University's need to solicit SSN, you will still need to provide your SSN in some circumstances. Employees must provide SSN for tax reporting purposes and students must provide SSN for certain academic transactions, processing of loans, scholarships, and tuition tax credits.I am still asked for my SSN while trying to transact business with the University. What's going on?
While we want everyone to be aware of the problems with divulging SSN, the process of moving away from SSNs and toward University IDs (involving hundreds of systems and millions of records) will take several years. Until this migration is complete please bear with us -- but don't hesitate to ask why the number is being requested and whether there is an alternative.
Policy Implementation QuestionsWho is paying for the remediation process within my department?
Each unit is responsible for funding the remediation in its area.What can our department use instead of SSNs?
The University ID number is the best replacement in most circumstances. On a case-by-case basis, it may be determined that computing ID is a better alternative, e.g. when the system includes a large number of non-UVa affiliates.Will ISIS allow login or lookup using the new University ID number rather than SSN?
ISIS Online now allows users to login with their University ID numbers instead of their SSNs. An ISIS green screen is also now available to allow look ups by University ID numbers instead of SSNs.Will the University ID number be used in the new Student System?
The University ID number will be stored in the new Student System, which will be using the University ID number wherever possible to integrate with other systems. The University ID number will also be available as a search field on some PeopleSoft pages.Will the Integrated System and Human Resources use the University ID number?
University ID numbers are stored in the Integrated System as part of the employee record. How and when this information will be utilized is under discussion.How does our department convert our current stores of SSNs in electronic systems to University ID numbers?
An interface has been developed to allow a one-time conversion of your data by reference to ISIS for student SSNs. Changes will also need to be made to ongoing feeds and interfaces to ensure data is mapped properly.Why is the University doing this now? Why not just wait until the new Student System is in place?
Like SSNs, University ID numbers are 9-digit numbers. However, steps have been taken to reduce the possibility of University ID number-SSN overlap (e.g. out of the original random creation of 20,000+ University ID numbers, fewer than 100 matched SSNs already in our system and replacements were regenerated for those). So usually, if one is trying to look up someone based on University ID number and nothing is returned, the informant accidentally provided the SSN (or vice versa). To help distinguish which number is being asked for on a form, never refer to “ID #” but explicitly ask for “University ID number,” “ISIS ID number” or “SSN” as appropriate. Also, a helpful visual clue as to what is being requested in forms is the use of the 4 digit dash 5 digit format used by the University ID (xxxx-xxxxx) rather than the xxx-xx-xxxx format traditionally used for SSNs. The same is true for reports and print outs.Are University ID numbers public information?
Although University ID numbers are not, strictly speaking, confidential, they should not be handled casually, and, particularly when used or stored in large quantities, should be well-protected. University ID numbers are defined as moderately sensitive data under U.Va.'s official Institutional Data Protection Standards.What can individual faculty members do concerning their use of SSNs?
There are several actions faculty members can take, including:
Social Security Number Redaction and Records Management
As required by law:
Approved Redaction Methods
For additional information, please visit the University Records Management Office web page.