Policy Home at The University of West Georgia

Log On

SSN Policy

I. Purpose

This policy addresses the requirements of the Federal Privacy Act of 1974 and amendments, regarding requests by the University for social security numbers (SSN) and provides guidelines for policy and procedures on the proper use and disclosure of the SSN to ensure that the Federal Privacy Act requirements are met.

II. Background

The Federal Privacy Act of 1974 and amendments establish guidelines under which any state agency may request a social security number from an individual. Individuals may not be required to give their SSN unless specific to a Federal or State statute. Agencies may not deny any right, benefit or privilege to any individual because of their refusal to disclose their SSN. It is incumbent on the University to inform the individual whether the disclosure is mandatory or voluntary, by what statute or other authority, and what uses will be made of the social security number. (Reference A)

The social security number was not designed to serve as a universal identification mechanism. Casual use of the SSN has contributed to an escalation in identity theft. It is the intent of the University to comply with the Federal Privacy Act and to take the necessary precautions to protect the identity of all of its constituents. (Reference B).

III. Collection and Release of Social Security Numbers
Student

The Board of Regents (BOR) supports the use of alternate identifiers for students as indicated below in the BOR policy manual.

"The Social Security Number shall be required from all entering students for a permanent and lasting record. When possible, an alternative number will be assigned and used by institutions for all purposes, which do not require the Social Security Number. In no event shall grades be posted by using the Social Security Number. The University System of Georgia is dedicated to insuring the privacy and proper handling of confidential information pertaining to students and employees."

The University of West Georgia requires that a student provide a social security number at the time of application to the University. The social security number will not be used as the student ID number but will continue to be provided to entities requiring social security number, including but not limited to the federal government for financial aid and Tax Relief Act (1997) reporting, Immigration and Naturalization Service, Board of Regents of the University System of Georgia for statistical reporting purposes and as required by court order in accordance with the Family Educational Rights and Privacy Act.

Employee

The University will require that an employee provide a social security number at the time of employment. The social security number will not be used as an Employee ID number for internal university uses, but will be provided to external entities requiring Social Security Number, including but not limited to federal, state and local governments, insurance carriers, and retirement programs. Individuals who are affiliates or vendors will be required to provide a social security number for mandated tax reporting purposes.

IV. Regulations
  1. Systems purchased or developed by West Georgia will not use social security numbers as identifiers unless required by law.
  2. All West Georgia employees, students and other individuals that require an identifying number, will be assigned a unique identification number that is not the same as, or derived from, the individual's social security number.
  3. Systems purchased or developed by West Georgia will use social security numbers as data elements only, not as keys to databases.
  4. Systems purchased or developed by West Georgia will not display social security numbers visually, whether on computer monitors, or on printed forms or other system output, unless required by law or business necessity.
  5. Name and directory systems purchased or developed by West Georgia will be tied to an individual's unique identification number, not social security number.
  6. When databases require social security numbers, the database should provide a cross-reference between the social security number and the alternate identifier in order to limit exposure of the social security number.
  7. No system or technology will be developed or purchased by West Georgia unless it is compatible with these regulations.
  8. All employees, including student assistants, who have access to individually identifiable information as defined by the Family Educational Privacy Act of 1974 should be required to sign a statement of understanding that such information is prohibited from disclosure. Employees should include all who have access to offices which house individually identifiable information including custodial and facilities staff. As part of employee orientation, each employee should be required to sign the worker statement of understanding.
  9. All documents, either electronic or paper, that contain a social security number must be kept out of direct public view.
  10. All documents, either electronic or paper, that contain a social security number must be secured in a locked or secured access area after business hours.
  11. All documents, either electronic or paper, that contain social security number must be disposed of in a manner that complies with the University policy on destruction of documents containing confidential data.
  12. All systems that electronically store social security numbers must adhere to the standards described in the UWG Information Security Plan, specifically the section covering data sensitivity and asset classification. A copy of the plan may be found at http://www.westga.edu/policy.
  13. Electronic transmission of social security numbers must adhere to the standards described in the UWG Information Security Plan, specifically the section detailing data encryption standards. A copy of the plan may be found at http://westga.edu/policy.
  14. All systems that electronically store social security numbers must register the system with the Information Security Officer and complete a risk analysis as defined by the UWG Information Security Plan. A copy of the plan may be found at http://www.westga.edu/policy.

Reference A

DISCLOSURE OF SOCIAL SECURITY NUMBER
Section 7 of Pub. L. 93-579 provided that: '(a) (1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number. '(2) the (The) provisions of paragraph (1) of this subsection shall not apply with respect to - '(A) any disclosure which is required by Federal statute, or I (B) the disclosure of a social security number to any Federal, State, or local agency maintaining a system of records in existence and operating before January 1, 1975, if such disclosure was required under statute or regulation adopted prior to such date to verify the identity of an individual. '(b) Any Federal, State, or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.'

Reference B

According to the Federal Trade Commission identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/
about-identity-theft.html

Revisions
March 2008
  1. Remove “State” from all occurrences of the University name.
  2. Add a version number, approval date, and revision date to the top of the document.
  3. Move the definition of identity theft from Section II paragraph 2 to Reference B and re-word the last sentence of Section II paragraph 2.
  4. Edit Section III Student paragraph 2 sentence 2 to remove the phrase “In the future”.
  5. Correct typo in Section III Student paragraph 2 sentence 2 “continued” to “continue”.
  6. Reword section IV Regulations B to remove “in the future”.
  7. Remove “or business necessity” from Section IV Regulations A.
  8. Remove the section entitled “Access #1 - 3”, as Banner permissions are no longer assigned to a class but to an individual.
  9. Move the section entitled “Access #4” to section IV Regulations H.
  10. Move the section entitled “Securing #1 ” to section IV Regulations I and edit to add ‘either electronic or paper’.
  11. Move the section entitled “Securing #2” to section IV Regulations J and edit to add “either electronic or paper”.
  12. Move the section “Disposal #1” to section IV Regulations K and re-word.
  13. Remove the section Disposal #2, since it is not a policy statement.
  14. Add IV Regulations item L.
  15. Add IV Regulations item M.
  16. Add IV Regulations item N.
  17. Reword IV Regulations item F for clarity.