Date Established: 11/19/06
Date Last Revised: 8/10/11
Category: Information Technology
Responsible Office: Office of the CIO
Responsible Executive: CIO
Be sure to disable the "shrink to fit" feature on your internet browser's print dialog box.
This policy discontinues the use of Social Security Numbers as electronic data within applications and files. Proposed is a plan for the stepwise elimination of this practice.
It is the policy of the University at Buffalo that the use of the Social Security Number as a common identifier and the primary key to databases be discontinued, except where required for employment, financial aid, and a limited number of other business transactions.
Disclosure statements will be provided whenever a Social Security Number is requested, in compliance with the Federal Privacy Act of 1974.
UB is committed to maintaining the privacy and confidentiality of an individual’s Social Security Number as mandated by law.
Legal Requirements: Collection, Use, and Dissemination of Social Security Numbers
FERPA protects the privacy of student educational records and requires schools to minimize collection and use of student Social Security Numbers. Social Security Numbers should be collected only for the purpose of processing student loans, employment, and to meet other legal obligations.
“Institutions shall not display student Social Security Numbers on public listings of grades, class rosters, student ID cards, student directories, or anything else unless specifically authorized or required by law.”
A phased-in implementation of this policy is needed, since many major systems at the University are currently using Social Security numbers as key identifiers. Conversion of these systems is needed without causing serious disruptions in University business. A plan for a steady and purposeful movement away from dependency on Social Security Numbers will be developed. UB units have begun work on reducing the availability and use of personally identifiable information such as the SSN.
Our goal is that the use of Social Security numbers as a common identifier and primary key to database will be discontinued except where required for employment, financial aid, and a limited number of other business transactions as of January 1, 2006. As of this date, data custodians will be responsible for maintaining the privacy and confidentiality of SSNs on their systems as mandated by law.
An employee or student who has substantially breached the confidentiality of Social Security Numbers will be subject to disciplinary action or sanctions up to and including discharge and dismissal in accordance with University policy and procedures.
Violation may also result in criminal prosecution. It is a felony, punishable by up to 5 years in prison, to compel a person to provide a Social Security Number in violation of Federal Law.
Office of the Chief Information Officer
517 Capen Hall
Buffalo, NY 14260