2,654
edits
No edit summary |
No edit summary |
||
Line 40: | Line 40: | ||
Social Security Numbers (SSNs) - including any portion of the full nine digits-shall not be electronically collected, transmitted, or stored by members of the workforce unless specifically authorized in writing by authorized individuals as outlined in this policy. Individuals or departments that collect, transmit or store SSNs will take steps necessary to secure this data using best practices identified by the Information Security Office. | Social Security Numbers (SSNs) - including any portion of the full nine digits-shall not be electronically collected, transmitted, or stored by members of the workforce unless specifically authorized in writing by authorized individuals as outlined in this policy. Individuals or departments that collect, transmit or store SSNs will take steps necessary to secure this data using best practices identified by the Information Security Office. | ||
The following individuals are authorized to approve use of Social Security | The following individuals are authorized to approve use of Social Security Numbers. | ||
*Employees - Assistant Vice Chancellor for Human Resources | *Employees - Assistant Vice Chancellor for Human Resources | ||
*Students - Assistant Vice Chancellor for Academic Affairs/Student Affairs | *Students - Assistant Vice Chancellor for Academic Affairs/Student Affairs | ||
Line 48: | Line 48: | ||
*UNMC is responsible for safeguarding and protecting Social Security Numbers against loss, tampering, and disclosure. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]). | *UNMC is responsible for safeguarding and protecting Social Security Numbers against loss, tampering, and disclosure. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]). | ||
*UNMC shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches involving Social Security Numbers. | *UNMC shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches involving Social Security Numbers. | ||
*Workforce members who suspect a Social Security Number violation must report it immediately to their respective manager, the Privacy Office, or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 1-866-568-5430. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. | *Workforce members who suspect a Social Security Number violation must report it immediately to their respective manager, the Privacy Office, or the Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 1-866-568-5430. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. | ||
*Sanctions for violations of privacy or information security policies may include scholastic or employee corrective action up to and including student dismissal or termination of employment. (See UNMC Policy No. 1098, [http://wiki.unmc.edu/Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]). | *Sanctions for violations of privacy or information security policies may include scholastic or employee corrective action up to and including student dismissal or termination of employment. (See UNMC Policy No. 1098, [http://wiki.unmc.edu/Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]). | ||
===Student Education Record Information=== | ===Student Education Record Information=== |