Social Security Number Guidelines

University of Illinois Policy

The University of Illinois is dedicated to ensuring the privacy and proper handling of confidential information relating to its students, employees, and individuals associated with the University. The primary purpose of the Social Security number policy is to ensure that the necessary procedures and awareness exist so that University employees and students comply with both the letter and the spirit of the Family Educational Rights and Privacy Act and Privacy Act of 1974.

Objectives:

  • Broad awareness of the confidential nature of the Social Security number;
  • Reduced reliance upon the Social Security number for identification purposes;
  • A consistent policy towards treatment of Social Security numbers throughout the University; and
  • Increased confidence by students, employees and individuals associated with the University that Social Security numbers are handled in a confidential manner.

Guidelines for AITS Developed Systems:

Systems developed in-house by AITS will not use the Social Security number as a record key or database key.

AITS in-house developed systems will use an individual's University Identification Number (UIN) or similar iKey university standard as an identifier instead of the Social Security number.

Before a project begins the client will justify a business case to the University Social Security Number Oversight Committee for all uses of Social Security numbers.

Social Security numbers will only be available for uses as approved by the University Social Security Number Oversight Committee.

Any transmission of data containing Social Security numbers over any communication network must be transmitted in a secure fashion.

Any interactive system that collects SSN from an end user should display a disclosure statement approved by the Social Security Number Oversight Committee.

Timeframe for Implementation

The University recognizes that many of its systems are currently keyed to the use of Social Security numbers as identifiers, and that conversion of these systems would be extremely disruptive and costly. Many systems will be replaced by the ERP. The remaining systems will either be modified or the Social Security Number Oversight Committee will approve the use of the Social Security number. Systems are expected to be fully compliant by December 31, 2005.

Systems that are targeted for replacement or elimination by the ERP will not be modified to eliminate the use of SSN.

This policy was effective January 1, 2001

Procedural Examples:

When the University Identification Number (UIN) is unavailable, a search by a combination of fields (such as last name, and home zip a) could be used. When approved by the University Social Security Number Oversight Committee, the Social Security number may be used as an alternate search field.

When requested to provide sensitive information that falls under the FERPA guidelines, AITS staff will contact the data custodian (OAR for student, OBFS for financial, and HR for payroll) for the approval to provide the data. The data custodian will obtain approval for Social Security number use from the Social Security Number Oversight Committee and provide the approval to AITS.

The data custodian will inform his/her clients about the legal requirements to maintain the confidentiality of the Social Security number imposed by the Family Educational Rights and Privacy Act and the Privacy Act of 1974.

New applications that interface to legacy systems will use the UIN as a logical identifier for a person (i.e., it might not be the physical record or database identifier); the UIN will be converted to the Social Security number if required to interface with the legacy system.

For More Information:

For a full description of the Social Security number approval process see http://www.ssn.uillinois.edu.