|
|
Answer
(Yes/No/NA)
|
State Business Purpose or Legal Requirement (Be specific: identify statute, law, admin, dept)
|
|
Do you currently use Social Security Numbers (SSN) for any purpose in your unit? If so, please list & identify purpose.
|
|
|
|
Do any of your forms currently request SSN? Web forms? Paper form?
|
|
|
|
Do you receive SSN by e-mail? Fax? From whom?
|
|
|
|
Do you send any information to students including SSN? Electronic/Paper/Fax?
|
|
|
|
Do you send any information to students including SSN? Electronic/Paper/Fax?
|
|
|
|
Do you send any information to administrators/departments using SSN? Electronically/paper?
|
|
|
|
Do you include a Confidentiality Statement at the bottom of your email? Fax? Paper docs?
|
|
|
|
Do you collect SSN through the WEB? If so, what programs/URL/fillable forms?
|
|
|
|
Do you have a confidentiality/privacy statement on the WEB regarding the collection or use of the information?
|
|
|
|
Do you or your staff download documents or files with SSN visible from PeopleSoft or other systems?
|
|
|
|
Do you download SSN with student name, DOB, or other identifying information onto your computer?
|
|
|
|
Do you store SSN on the C-drive or U-drive in a spreadsheet or other file? If so, how?
|
|
|
|
Do you retain SSN information in your files (electronic or paper)? If so, how long?
|
|
|
|
Have you audited your unit/department computers to determine if files have SSN contained on the hard/C drive? How often?
|
|
|
|
Do you store SSN on portable devices, (e.g. floppies, zip-drives, USB/flash drives, CDs, etc.)?
|
|
|
|
Do you have a locking drawer or cabinet for any paper documents containing SSNs? Use it?
|
|
|
|
Do you password protect the files with SSN?
|
|
|
|
Do you encrypt SSN data on computers? Or portable devices? What and how?
|
|
|
|
Do you purge electronic files with SSN? If so, how? How often? What method?
|
|
|
|
Do you have an approval process for use of SSN in your business process?
|
|
|
|
Do you have written policies in your unit concerning use of SSN? What and where?
|
|
|
|
Do you train your staff on usage, handling & retention of SSN? If so, how often?
|
|
|
|
If your staff handles SSNs or other Confidential information, do they sign a Confidentiality statement?
|
|
|
|
Do you use an alternative identifier from SSN in your work? If so, what identifier?
|
|
|
