Use of Social Security Numbers (SSNs), CU UPNs and TC ID NumbersSkip to content Skip to main navigation
Teachers College Policy Library
Use of Social Security Numbers (SSNs), CU UPNs and TC ID Numbers
Owner: Computing & Information Services
URL: http://www.tc.columbia.edu/policylibrary/Use of Social Security Numbers (SSNs), CU UPNs and TC ID Numbers
A. Reason for Policy
Federal and state statues require handling SSNs in the most confidential manner. The distinctiveness of the SSN as an individual identifier makes it increasingly vulnerable to exploitation. Identity theft and the compromise of personal information are a growing concern for many institutions. The purposes of this policy are to:
- protect confidentiality of SSNs
- eliminate unnecessary storage and use of SSNs in College documentation, practices and systems;
- define the use of Columbia University’s Unique Person Number (UPN) and Teachers College’s ID Number (TCID) as the alternate individual primary identifiers in College systems and practices.
B. Responsible Officer and Office
Computing and Information Services (CIS)
The College’s policy is to protect Social Security Number (SSN) or equivalent data from unauthorized or unnecessary disclosure. As such, the use of the SSN as a primary identifier shall be avoided, except as required by law or as required by the business necessity. In order to protect the SSN of its faculty, staff, students and other individuals associated Teachers College, the College:
1. Does not collect SSNs except where necessary for employment records, financial aid records, health records and other business and governmental transactions as required by law or to satisfy a business requirement.
2. Uses the University’s UPN to uniquely and permanently identify individual faculty, staff, students and others associated with the University.
3. Uses the TCID to uniquely identify individuals in the College’s information systems.
4. Ensures that no new systems or technology will be purchased or developed by the College that use the SSN as a primary key to the database except where required by law. Any exemption to this policy must be approved by CIS and General Counsel.
5. Ensures that new systems or technologies purchased or developed by the College will only use SSNs as data elements (not as database keys) when required by law or business necessity.
6. Ensures that any request (verbal or written) for SSN data of employees, faculty, staff or students is for the legitimate purpose indicating intended use of such information.
7. Ensures that the SSN is redacted on any document or form requested when the SSN is not appropriate to the request.
8. Ensures that no new systems purchased or developed by the College displays SSN visually, whether on computer monitors or on printed forms or other output, unless required by law or business necessity.
9. Assures that transmissions protect SSN data in storage, in transit, and in backups.