The University Policy Manual

  • Home »
  • Social Security Numbers

Social Security Numbers

The University of North Carolina at Greensboro

  • (Approved by the Chancellor, February 9, 2010)
  • (Approved by the Chancellor, May 15, 2010)

Purpose

The purpose of this policy is to help safeguard the Social Security numbers ("SSNs") of UNCG students, employees and the public, while providing guidance on how Social Security numbers may be obtained, used and disclosed. This policy is designed to facilitate University compliance with N.C. Gen. Statutes 132-1.10 (lawful use of SSNs) and the federal statutes cited herein.

Scope

This policy applies to all University employees, contractors, subcontractors and vendors who, in the course of their employment or duties on behalf of the University, have access to SSNs.

Policy

Disclosure of SSNs Within the University

LAWFULLY OBTAINED Social Security Numbers (SSNs) may be exchanged within the University among its various departments and divisions where necessary for the receiving department/division to perform its governmental duties and responsibilities, or as otherwise allowed or required by law. Note: Student SSNs are considered "education records" under the Family Educational Rights and Privacy Act (FERPA), and may be disclosed within the University only to "school officials, including teachers, within the University, whom the University has determined have legitimate educational interests." See University FERPA Policy at http://sa.uncg.edu/handbook/wp-content/uploads/ferpa.pdf.

Security Measures

University departments that receive SSNs must utilize security measures to protect the information, including those found in all applicable University policies and procedures. Proper physical security measures include, but are not limited to, limited access to SSNs, and locked filing cabinets and offices.

With regard to electronic security measures, SSNs are considered "Restricted Data" pursuant to the UNCG Data Classification Policy at http://policy.uncg.edu/data/. Electronic storage and transmission of SSNs must be accomplished in compliance with the UNCG Information Security Policy at http://policy.uncg.edu/information_security/. Unless required by law, a SSN shall not be transmitted over the Internet, except where the connection is secure or the SSN is encrypted.

Sending SSNs by Mail

SSNs may not appear on any materials that are mailed, unless state or federal law or regulations allow or require that the SSN appear on the document to be mailed. A SSN that is permitted to be mailed may not be printed, in whole or in part, on a postcard or other mailer not requiring an envelope, or visible on the envelope or without the envelope having been opened.

Federal Privacy Act

Pursuant to the Federal Privacy Act, UNCG shall not deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his/her SSN, except refusal to disclose after a request pursuant to the requirements of a statute.

Requiring Individuals to use SSNs to Access Services

SSNs shall not be intentionally printed or imbedded on any card required for an individual to access University services. Unless the connection is secure or the SSN is encrypted, an individual shall not be required to transmit his/her SSN over the Internet. An individual shall not be required to use his/her SSN to access an Internet web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet web site.

How May UNCG Disclose SSNs to Persons or Entities outside UNCG?

UNCG may disclose "LAWFULLY OBTAINED" SSNs to persons or entities outside the University when allowed or required by law. The examples below are not an exhaustive list, and the persons making disclosures should refer to the University policies, statutes and regulations that apply to their particular department or division. Counsel can be consulted if questions about disclosure remain.

Disclosure of SSNs to other Governmental Entities.

LAWFULLY OBTAINED SSNs may be disclosed by UNCG to another governmental entity (State or Federal) where disclosure is necessary for the receiving governmental entity to perform its governmental duties and responsibilities. The receiving governmental entity shall maintain the confidential nature of the SSNs.

Specific examples (not an exhaustive list) of when UNCG may disclose LAWFULLY OBTAINED SSNs to other governmental entities are listed in the UNCG Statement of Purposes for Which Social Security Numbers are Collected and Used at http://provost.uncg.edu/Academic/EPA_Personnel/Docs/UNCG_Statement_of_Purposes.pdf.

Disclosure of SSNs to Contractors and Vendors.

UNCG may disclose LAWFULLY OBTAINED SSNs to its contractors or vendors where disclosure is necessary for UNCG to perform its bona fide governmental duties and responsibilities. Such vendors or contractors shall maintain the confidentiality of the information. If any division or department of UNCG is contemplating entering into any contract or agreement where there will be disclosure of SSNs to any vendor or contractor, University Counsel shall be consulted prior to entering into such a contract. In addition, disclosure of Student SSNs to contractors or vendors is subject to FERPA. See section IV.B.2 of University FERPA Policy on the Student Policy Handbook web page at http://sa.uncg.edu/handbook/wp-content/uploads/ferpa.pdf.

Disclosure as required by Court order, Warrant or Subpoena.

UNCG may release SSNs in response to a court order, warrant or subpoena. University Counsel should be immediately consulted upon receipt of such documents.

Disclosure for Public Health Purposes.

UNCG may release SSNs to public health officials where necessary to identify, investigate or prevent health risks.

How may UNCG "LAWFULLY OBTAIN" SSNs from Persons or Entities Outside UNCG?

UNCG may "LAWFULLY OBTAIN" SSNs from persons or entities outside the University when allowed or required by law. The examples below are not an exhaustive list, and the UNCG employees obtaining SSNs should refer to University Policies and the statutes and regulations that apply to their particular department or division. Counsel can be consulted if questions remain. After UNCG receives the SSNs from persons or entities outside the University, it shall observe the security measures set forth in the section Security Measures above.

Receipt of SSNs from OTHER GOVERNMENTAL Entities.

SSNs may be received by UNCG from other governmental entities (State or Federal) where disclosure is necessary for UNCG to perform its governmental duties and responsibilities.

Obtaining SSNs directly from INDIVIDUALS.

If SSNs cannot be obtained from within the University or from another governmental entity and UNCG must instead obtain the SSN directly from the INDIVIDUAL, then UNCG must be "authorized by law" to do so, or the collection of the SSN must be imperative for UNCG to "perform its duties and responsibilities as prescribed by law."

Some examples (not an exhaustive list) of when UNCG is "authorized by law" to obtain SSNs from Individuals are listed in the UNCG Statement of Purposes for Which Social Security Numbers are Collected and Used at http://provost.uncg.edu/Academic/EPA_Personnel/Docs/UNCG_Statement_of_Purposes.pdf.
Additional Requirements Imposed by North Carolina Law when Collecting a SSN from an Individual.

In addition to being "authorized by law" to collect the SSN, the department or division of UNCG that collects the SSN from an individual must comply with the following additional provisions:

  1. UNCG must maintain the SSN in its records such that it is readily redacted if the records are subject to a public records request; and
  2. UNCG must be ready to provide the individual, upon request, the reason or reasons for which the SSN is being requested; and
  3. UNCG may use the SSN only for the stated purposes: and
  4. UNCG shall not intentionally communicate or otherwise make SSNs available to the general public.

The Family Educational Rights and Privacy Act (FERPA)

Student SSNs maintained by UNCG are Education Records pursuant to FERPA. As such, student SSNs and may not be disclosed except as permitted by FERPA. Generally, express written permission from the student is required for disclosure of this information to a third party. See the University FERPA policy at http://sa.uncg.edu/handbook/wp-content/uploads/ferpa.pdf and contact University Counsel with questions.

HIPAA Restrictions

SSNs are considered "protected health information" (PHI) under privacy rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As such, the use and disclosure of SSNs are subject to other restrictions under those rules and the UNCG policies that govern the use and disclosure of SSNs. Please contact the UNCG HIPAA Privacy Officer and the University HIPAA Policy at http://policy.uncg.edu/HIPAA/ with any questions related to the proper use and disclosure of SSNs under the HIPAA Privacy rules.

Enforcement

Any violation of this policy by faculty and staff is "misconduct" under EPA policies (faculty and EPA non-faculty) and "unacceptable personal conduct" under SPA policies, including any appeal rights stated therein. Violations of law may also be referred for criminal or civil prosecution.

Review

The Administrative Systems Committee will periodically review this policy as necessary

Links to Related University Policies

Contact

Comments or questions? Email the Policy Administrator.