Changes

Jump to: navigation, search

Social Security Number

7 bytes removed, 21:19, August 19, 2015
no edit summary
===Employee Information ===
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:
:*Personnel (SAP) Number
:*Last four digits of Social Security Number
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.
*In the event that the Social Security Number must be maintained, an a form [http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number] must be completed and submitted to the Information Security Office who will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
===Approval/Disapproval Process===
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.
If the request to use Social Security number is disapproved and the requestor wishes to appeal the decision, the Vice Chancellor for Business and Finance will be asked to review the request and render a final decision.
===Review of Electronic Data storage===
Periodically the Information Security Office will generate reports which will identify the storage locations of Social Security Numbers. These reports will be distributed to unit management for review. The intent of the report is to help unit management know where Social Security Numbers are used within their unit.
===Record Retention===
The Information Security Office will maintain the exception forms. The forms will be reviewed periodically to verify that the exception is still valid.
===Definitions===
'''''Information Security''''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.

Navigation menu