Federal and state statutes require handling Social Security Numbers (SSNs) in the most confidential manner. The distinctiveness of the SSN as an individual identifier makes it increasingly vulnerable to exploitation. The purpose of this policy is to:
- protect the confidentiality of SSNs;
- eliminate unnecessary storage and use of SSNs in College documentation, practices, and systems; and
- define the use of Columbia University’s University Network ID (UNI) and Teachers College’s ID Number (TCID), or “T Number,” as the alternate individual primary identifiers in College systems and practices.
This policy applies to all students, staff, faculty members, officers, employees, and affiliates of Teachers College, Columbia University, including extended learning sites, guests, tenants, visitors, contractors, consultants, vendors, individuals authorized by affiliated institutions and organizations, and all others granted use of and/or access to Teachers College, Columbia University technology resources and data.
The College’s policy is to protect Social Security Number (SSN) or equivalent data as defined in the Gramm-Leach-Bliley Act from unauthorized or unnecessary disclosure. As such, the use of the SSN as a primary identifier shall be avoided, except as required by law or as required by the business necessity. In order to protect the SSN of its faculty, staff, students, and other individuals associated with Teachers College, the College sets the following requirements:
- Do not collect SSNs except where necessary for employment records, financial aid records, health records, and other business and governmental transactions as required by law or to satisfy a business requirement.
- Use Columbia University’s UNI to uniquely and permanently identify individual faculty, staff, students, and others associated with the University.
- Use the TCID to uniquely identify individuals in the College’s information systems.
- Do not purchase or develop new systems or technology that use the SSN as a primary key to the database except where required by law. Any exemption to this policy must be approved by the Vice President of the respective area, in consultation with TC General Counsel.
- When required by law or business necessity, only use SSNs as data elements (not as database keys).
- When requesting SSN data of employees, faculty, staff, or students, such requests must be for a legitimate purpose indicating the intended use of such information.
- Redact SSN on any document or form requested when the SSN is not pertinent to the request.
- Do not display SSN visually, whether on computer monitors or on printed forms or other output unless required by law or business necessity.
- Encrypt SSN data in storage, in transit, and in backups.
- Servers housing databases or records containing SSNs should be of single purpose, with access restricted to system administrators, protected by an approved firewall appliance, and should not be used by individuals to access the Internet or access e-mail.
- Where possible, all records containing an SSN should be stored on network drives with access limited to those individuals or entities that require access to perform a legitimate University job function. Individual workstations, laptops, and other personal computing devices should not be used to store records containing SSNs.
- All removable or transportable media (e.g., paper forms, reports, cassettes, CDs, USB drives, etc.) containing SSNs must be secured when not in use. Reasonable security measures depend on the circumstances but may include locked file rooms, desks, and cabinets.
- Subject to applicable document retention policies or unless required by law, when no longer required, paper documents and electronic media containing SSNs will be destroyed or disposed of using methods designed to prevent subsequent use or recovery of information.
- SSNs will be released to entities outside the University only where permitted or required by law, or with the express written permission of the individual or entity, or where approved by the Vice President of the respective area, in consultation with TC General Counsel.
- The College will limit access to records containing SSN to those individuals requiring access as determined by job function. Individuals permitted access to SSN will be instructed on the appropriate handling and protection of this data by their management or designated representative.
Individual administrative and academic units are responsible for the development, documentation, and implementation of applicable procedures to effectuate this policy. Procedures are subject to review by the Offices of TC Information Security, General Counsel, and Controller for audit.
Responsible Office: Teachers College Information Technology
Effective Date: October 1, 2020
Last Updated: July 13, 2020