Policies

Policy #: 12-02

Effective: July 1, 2012

Revised:

Section: Security

Subject: Storage of Social Security Numbers

 

PURPOSE

To describe how Social Security Numbers (SSNs) are to be used, stored, and processed on computers and servers in the College of Health and Human Development (CHHD).

 

POLICY APPLIES TO

All employees of CHHD. This includes staff in all departments, administrative offices, schools, and research centers affiliated with the College.

 

POLICY

The collection and storage of SSNs beyond the CIDR application is prohibited unless an SSN authorization is granted, per Penn State policy AD-19, Use of Penn State Identifier and Social Security Number.

SSN authorization requests must be renewed on an annual basis. To request authorization to use, store or process SSNs, an authorization form must be completed and submitted to the Privacy Office (PO) for review. Additionally, there are network and system security measures that must be met to protect the environment where the SSNs will be used, stored or processed. You must contact ISS (865-INFO) before or immediately after submitting your form to the PO so we are aware of your intentions. We will provide guidance for your intended use of SSNs at that time.

The SSN authorization form can be found here. (Note: You will need to use your PSU WebAccess credentials to access this page).

SSN authorizations previously granted will be subject to periodic on-site assessments confirming that the data is being kept in a secure location. Additionally, the SSN authorization form will require renewal on an annual basis.