UNC Memorandum on Social Security Numbers

MEMORANDUM

PROHIBITION ON USE OF SOCIAL SECURITY NUMBERS and COLLECTION, RETENTION and DISPOSAL OF RECORDS CONTAINING SOCIAL SECURITY NUMBERS and SENSITIVE, IDENTIFYING INFORMATION

To: Deans, Directors and Department Chairs

CC: Admissions Officers Business Managers HR Facilitators, Information Technology Staff, Research Administration Staff

From: University Committee on the Protection of Personal Data, Juliann Tenney, HIPAA Privacy Officer, Chair and Stan Waddell, Executive Director & Information Security Officer, Information Technology Services

Date: April 19, 2012

University departments and employees are not permitted to collect or retain social security numbers. This rule is subject to only two exceptions: (1) a governmental authority requires the collection or retention of social security numbers, or (2) a department has a previously approved business reason to do so. Confirming an individual's identity using a social security number is prohibited unless a department satisfies one of these two exceptions.

Any department that collects or retains social security numbers must file a disclosure statement. Instructions to complete this statement may be found at: http://www.unc.edu/depts/legal/ssn/ Existing records, documents, and files that contain social security numbers or other sensitive and identifying information must be handled with care. Any such materials that must be retained pursuant to a department's archival procedures should be redacted unless a governmental authority or approved business reason requires the use of social security numbers. If it is not possible to redact archived records, documents or files, they must be stored securely.

If records, documents, or files that contain social security numbers or other sensitive and identifying information need not be retained under a department's archival procedures, they should be shredded without delay.

For more information call the Research Compliance Program at 919-843-9953 or write to research_compliance@unc.edu.

This email is sponsored by: Research Compliance Program