BibTeX
@MISC{_a.inventory,
author = {},
title = {A. Inventory of Social Security Numbers},
year = {}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
Security numbers—sensitive data whose misuse poses privacy risks to individuals, and compliance and reputational risks to the University. It calls on staff, faculty, contractors, and agents of the above to inventory their online and offline Social Security numbers and reduce the above risks by, in priority order: (1) eliminating this data altogether, (2) converting it to PennID, (3) truncating the data to capture and display only the last four digits, and (4) when the complete Social Security number (SSN) is clearly necessary, ensuring strict security controls to protect the full data. This policy also requires that Local Security Officers assist these individuals in developing compliance plans, where appropriate, and developing programs to promote compliance. This policy focuses on Social Security numbers collected and maintained as part of University operations. The handling of one’s own Social Security number, or Social Security numbers of family members, separate and apart from University operations, is not subject to this policy, although many of its measures are recommended as a matter of best practice. Statement of Policy It is the responsibility of individuals subject to this policy to use best efforts to know and inventory where they are maintaining Social security numbers and to make every effort to securely delete, convert, truncate, or secure such information.
