[X] Close Window

Policies

The Administrative Data Access Policy covers University handling of all sensitive data, including SSNs. This policy is expected to be replaced by three more explicit policies: 1) a Data Classification policy, 2) a Data Stewardship policy, and 3) a Social Security Number policy. These new policies will be publicized when issued.

SSN Policy

The University Policy Office announced the issuance of University Policy IRM-014, Protection & Use of Social Security Numbers on 12/10/07.

The policy specifies limited conditions under which SSNs may be collected, used and/or reported. Its implementation reduces the University's risk of unauthorized exposure of SSNs by minimizing the amount of SSN data stored and increasing the security of these data stores.

In order to meet the policy requirements, departments will need to get approval before using SSNs in any new way. By July 1, 2008, departments will need to identify all records and records systems within their purview that use SSNs and develop a remediation plan, which, following approval, must be implemented by July 1, 2009.

Forms and Reports

Remediation Guidance Document for Departments (v. 1.2; updated 4/15/08)
Overview of SSN policy implementation requirements
Request for Approval to Use Social Security Numbers (v. 1.0)
For any new use of SSNs now and for any continuing use requested in the SSN Inventory and Remediation Plan
Social Security Number Inventory and Remediation Plan (v. 1.1; updated 4/15/08)
For reports due July 1, 2008
1. SSN Identify and Inventory
  1. SSN Data Inventory Worksheet
  2. SSN/Credit Card Data Machine Scanning Tracking Sheet
  3. Tracking Sheet for Identified SSN Usage
  4. Tracking Sheet for Credit Card Information and Protected Health Information Data
2. SSN Remediation Plan
Institutional Data Protection Standards (issued 08/04/09)
These define standards for protection and use of all institutional data including highly sensitive data, which include SSNs.

The FAQs include some policy implementation questions.

Overview Presentation

The overview presentation (given at multiple sessions during the initial initiative roll out) is available as a PDF in both short and full form:

Short SSN Policy overview (9 slides)
Full SSN Policy overview (17 slides)

[X] Close Window



Project Charter Policies Frequently Asked Questions Project Organization Related Links Contact Us Home		Policies The Administrative Data Access Policy covers University handling of all sensitive data, including SSNs. This policy is expected to be replaced by three more explicit policies: 1) a Data Classification policy, 2) a Data Stewardship policy, and 3) a Social Security Number policy. These new policies will be publicized when issued. SSN Policy The University Policy Office announced the issuance of University Policy IRM-014, Protection & Use of Social Security Numbers on 12/10/07. The policy specifies limited conditions under which SSNs may be collected, used and/or reported. Its implementation reduces the University's risk of unauthorized exposure of SSNs by minimizing the amount of SSN data stored and increasing the security of these data stores. In order to meet the policy requirements, departments will need to get approval before using SSNs in any new way. By July 1, 2008, departments will need to identify all records and records systems within their purview that use SSNs and develop a remediation plan, which, following approval, must be implemented by July 1, 2009. Forms and Reports Remediation Guidance Document for Departments (v. 1.2; updated 4/15/08) Overview of SSN policy implementation requirements Request for Approval to Use Social Security Numbers (v. 1.0) For any new use of SSNs now and for any continuing use requested in the SSN Inventory and Remediation Plan Social Security Number Inventory and Remediation Plan (v. 1.1; updated 4/15/08) For reports due July 1, 2008 SSN Identify and Inventory SSN Data Inventory Worksheet SSN/Credit Card Data Machine Scanning Tracking Sheet Tracking Sheet for Identified SSN Usage Tracking Sheet for Credit Card Information and Protected Health Information Data SSN Remediation Plan Institutional Data Protection Standards (issued 08/04/09) These define standards for protection and use of all institutional data including highly sensitive data, which include SSNs. The FAQs include some policy implementation questions. Overview Presentation The overview presentation (given at multiple sessions during the initial initiative roll out) is available as a PDF in both short and full form: Short SSN Policy overview (9 slides) Full SSN Policy overview (17 slides)

Policies

SSN Policy

Forms and Reports

Overview Presentation

SSN Initiative