Overview:
This document outlines the policies and procedures for the handling of Social Security Numbers stored, processed, or transmitted electronically. Examples include, but are not limited to: enterprise databases, small databases such as MS Access, Web pages, e-mail, spreadsheets, and tables or lists in word processing documents.
Policy Statement:
NSU will use Social Security Numbers as required and authorized by local, state and federal law. NSU will not use Social Security Numbers as an identifier in order to provide services, nor will it transmit them electronically in an unsecured manner.
Procedure:
- Electronic records containing SSNs may be stored only on University-owned electronic devices. Such devices must be secured against unauthorized access. Computer systems requiring the storage of SSNs must store them in separate – if possible, encrypted and password-protected – data files or data sets.
- Persons with access to electronic systems containing SSNs must take reasonable care to minimize the time a computer screen displays an SSN and to shield computer screens displaying SSNs from those without a legitimate work-related reason to access the SSN. Computer screens displaying SSNs should never be left unattended.
- Information containing SSNs, or any part thereof (e.g., the last four digits of the SSN), may not be published on any University web site.
- Employees may not share passwords to computer systems that provide access to screens displaying SSNs.
- University employees may not require individuals to use SSNs as passwords, codes, or identifiers for access to Internet web sites or other services.
- When computers are sent to surplus or transferred to another department, data containing SSNs must be destroyed pursuant to the Oklahoma General Records Disposition Schedule for State Colleges and Universities.
- Users who borrow a University laptop computer for temporary use must ensure that any confidential information they may have stored on the computer’s hard drive in the course of such temporary use is removed before returning the computer to the University.
- University employees may not require individuals to send their SSNs over the Internet, by email, or instant messaging for a University-related purpose, unless the connection is secure or the SSN is encrypted and required or authorized by local, state or federal law.