Social Security Number

Purpose

To establish a policy with regard to the University’s collection, maintenance, and distribution of students, faculty and staff Social Security Numbers and to ensure compliance with federal, state and local law. This policy shall be effective August 1, 2009. Compliance with this policy shall be attained through a phased approach, pending implementation of the technology and software required to securely and efficiently assign a unique identifier to students and employees.

Policy

This policy mandates a migration away from the use of the Social Security number as a common identifier at Northeastern State University.

Policy objectives include:

  • Campus-wide awareness of the confidential nature of Social Security Number;
  • A consistent policy towards use of Social Security Numbers; and
  • Increased confidence by students, faculty and staff that Social Security Numbers are handled in a confidential manner.

The University is committed to ensuring the privacy of affiliated entities and proper handling of Social Security Numbers and other confidential information that it collects and maintains from students, faculty, staff, and other individuals associated with the University.

Procedure

A unique identification number shall be assigned to students and employees. The University ID shall be assigned at the earliest possible point of contact between the individual and the University. The ID shall be used as the campus ID card identifier and shall be used in all future electronic systems and on paper documents to identify, track, and to provide service to individuals associated with the University. It shall be permanently associated with the individual to whom it is originally assigned.

Personal information shall not be publicly posted or displayed in a manner where either the University ID or the Social Security Number identifies the individual associated with the information.

Except in those cases where the University is required to collect a Social Security number, individuals shall not be required to provide their Social Security number verbally or in writing, at any point of service, nor shall they be denied access to those services should they refuse to provide a Social Security Number. Individuals may volunteer their Social Security Number as means of locating a record, document, etc. Alternatively, if electing not to provide a Social Security Number, an individual may be required to provide other identifying information necessary as a means of locating a record, document, etc.

The University shall release Social Security Numbers to entities outside the University (contractors, vendors, service providers, collection agencies, etc.) when required for certain legal and business activities.

Social Security Numbers may continue to be stored as a confidential attribute associated with an individual. The Social Security Number shall be used as allowed by law; and as an optional key to identify individuals for whom an alternative identification number is not known or has not yet been assigned.

Formal and informal documents which contain Social Security Numbers shall be maintained for the minimum period of time necessary or as required by the Oklahoma General Records Disposition Schedule for State Colleges and Universities. Such documents shall be maintained in a secure manner. Upon reaching the end of the required period, the document must be destroyed pursuant to the Oklahoma General Records Disposition Schedule for State Colleges and Universities.

The University SSN Administration and Compliance Committee shall oversee Social Security Number usage as it relates to students, faculty, staff and other individuals associated with the University. Members of the SSN Administration and Compliance Committee include:

  • Associate Vice President of Administration, ext. 2040;
  • Director of Business Affairs, ext. 2187;
  • Assistant Director of Computing and Telecommunications, ext. 5900; and
  • General Counsel, ext. 2000.

Contact a member of the SSN Administration and Compliance Committee with questions regarding the use of Social Security Numbers.

The University SSN Administration and Compliance Committee shall have the responsibility to:

Coordinate communications to faculty, staff, and students concerning their rights and responsibilities with regard to the collection, maintenance, and distribution of Social Security Numbers;

  • Oversee the implementation and adherence to NSU’s SSN policy;
  • Provide support and guidance for offices working with Social Security Numbers;
  • Issue opinions and advice on the release or exchange of Social Security Numbers;
  • Authorize the use of Social Security Numbers in new systems, as appropriate;
  • Maintain a list of entities (contractors, vendors, service providers) to which Social Security Numbers may be released; and
  • Maintain a set of standard disclosure statements for use on University forms and documents that collect Social Security Numbers.

Disclosure Statement

The Privacy Act of 1974 (P.L. 93-579) limits the circumstances under which governmental agencies may request social security numbers from individuals.

Whenever a University department designs a form that directly solicits a social security number from an individual, the form is to display a statement explaining whether the disclosure of the social security number is mandatory or voluntary.

Federal statutes and regulations that mandate or authorize the use of social security numbers is attached in Appendix I.

Disclosure Wording

Please use the following disclosure notice wording for forms requesting social security numbers directly from individuals:

Mandatory Disclosure:
NSU requires disclosure of your social security number on this form. The authority for this mandatory disclosure is found in the NSU Social Security Number Usage Policy, Appendix I
Voluntary Disclosure:
It is unlawful for NSU to deny any individual any right, benefit, or privilege provided by law because the individual refuses to disclose his or her social security number except in limited circumstances. NSU requests the voluntary disclosure of your social security number on this form. If provided, NSU will use your Social Security Number for the authorized uses found in the NSU Social Security Number Usage Policy, Appendix I

Computing and Telecommunications

At no time should a Social Security Number identifying a specific person (or persons) be transmitted in an unsecured manner within the body or subject line of an email by any employee of the University. The Computing and Telecommunications Department have developed a set of standards and guidelines addressing the handling of Social Security Numbers in electronic systems. Adherence to these guidelines in all future development shall be considered a requirement of this policy statement. The Computing and Telecommunications Department policy can be found in Appendix II of this policy.

Compliance

Compliance with this policy shall be attained through a phased approach. The University SSN Administration and Compliance Committee shall be responsible for monitoring compliance with this policy. The Committee shall use a departmental case by case approach to ensure this policy is implemented in an effective and timely manner.

Violation

Any employee or student who knowingly violates this policy and/or in any way breaches the confidentiality of Social Security Numbers may be subject to appropriate disciplinary action or sanctions pursuant to NSU and RUSO (Regional University System of Oklahoma) policies and procedures as well as state and federal law.

<back to University Policies