To establish a policy with regard to the University’s collection, maintenance, and distribution of student, faculty and staff Social Security Numbers and to ensure compliance with federal, state and local law. This policy shall be effective August 1, 2009. Compliance with this policy shall be attained through a phased approach, pending implementation of the technology and software required to securely and efficiently assign a unique identifier to students and employees.
This policy mandates a migration away from the use of the Social Security number as a common identifier at Northeastern State University.
Policy objectives include:
The University is committed to ensuring the privacy of affiliated entities and proper handling of Social Security Numbers and other confidential information that it collects and maintains from students, faculty, staff, and other individuals associated with the University.
A unique identification number shall be assigned to students and employees. The University ID shall be assigned at the earliest possible point of contact between the individual and the University. The ID shall be used as the campus ID card identifier and shall be used in all future electronic systems and on paper documents to identify, track, and to provide service to individuals associated with the University. It shall be permanently associated with the individual to whom it is originally assigned.
Personal information shall not be publicly posted or displayed in a manner where either the University ID or the Social Security Number identifies the individual associated with the information.
Except in those cases where the University is required to collect a Social Security Number, individuals shall not be required to provide their Social Security Number verbally or in writing at any point of service, nor shall they be denied access to those services should they refuse to provide a Social Security Number. Individuals may volunteer their Social Security Number as a means of locating a record, document, etc. Alternatively, if electing not to provide a Social Security Number, an individual may be required to provide other identifying information necessary as a means of locating a record, document, etc.
The University shall release Social Security Numbers to entities outside the University (contractors, vendors, service providers, collection agencies, etc.) when required for certain legal and business activities.
Social Security Numbers may continue to be stored as a confidential attribute associated with an individual. The Social Security Number shall be used as allowed by law; and as an optional key to identify individuals for whom an alternative identification number is not known or has not yet been assigned.
Formal and informal documents which contain Social Security Numbers shall be maintained for the minimum period of time necessary or as required by the Oklahoma General Records Disposition Schedule for State Colleges and Universities. Such documents shall be maintained in a secure manner. Upon reaching the end of the required period, the document must be destroyed pursuant to the Oklahoma General Records Disposition Schedule for State Colleges and Universities.
The University SSN Administration and Compliance Committee shall oversee Social Security Number usage as it relates to students, faculty, staff and other individuals associated with the University. Members of the SSN Administration and Compliance Committee include:
Contact a member of the SSN Administration and Compliance Committee with questions regarding the use of Social Security Numbers.
The University SSN Administration and Compliance Committee shall have the responsibility to:
Coordinate communications to faculty, staff, and students concerning their rights and responsibilities with regard to the collection, maintenance, and distribution of Social Security Numbers;
The Privacy Act of 1974 (P.L. 93-579) limits the circumstances under which governmental agencies may request social security numbers from individuals.
Whenever a University department designs a form that directly solicits a social security number from an individual, the form is to display a statement explaining whether the disclosure of the social security number is mandatory or voluntary.
Federal statutes and regulations that mandate or authorize the use of social security numbers are attached in Appendix I.
Please use the following disclosure notice wording for forms requesting social security numbers directly from individuals:
At no time should a Social Security Number identifying a specific person (or persons) be transmitted in an unsecured manner within the body or subject line of an email by any employee of the University. The Computing and Telecommunications Department has developed a set of standards and guidelines addressing the handling of Social Security Numbers in electronic systems. Adherence to these guidelines in all future development shall be considered a requirement of this policy statement. The Computing and Telecommunications Department policy can be found in Appendix II of this policy.
Compliance with this policy shall be attained through a phased approach. The University SSN Administration and Compliance Committee shall be responsible for monitoring compliance with this policy. The Committee shall use a departmental case-by-case approach to ensure this policy is implemented in an effective and timely manner.
Any employee or student who knowingly violates this policy and/or in any way breaches the confidentiality of Social Security Numbers may be subject to appropriate disciplinary action or sanctions pursuant to NSU and RUSO (Regional University System of Oklahoma) policies and procedures as well as state and federal law.