Social Security Numbers are highly confidential and
legally-protected data. The Federal Privacy Act of 1974, the
Family Educational Rights and Privacy Act (FERPA) and
NY State statutes regulate the collection, use, and dissemination
of social security numbers. UB is committed to protecting the
privacy and legal rights of its community members and to educating
the university community regarding the confidential nature of SSNs.
As a university we must work to reduce or eliminate the use of
SSN's for identification purposes and to ensure that SSN's are
secured in all university databases and applications. UB is
required to notify individuals if there is a security breach
involving their SSN's ( NY
State Information Security Breach and Notification Act ).
Access to InfoSource data containing Social Security Numbers
(SSN) is limited to those with a legal or business need in the
performance of their job responsibilities and will be granted by
data trustees where appropriate. This access may not be delegated
to or shared with anyone. Data trustees will revoke access to
InfoSource data SSN display when employees are terminated, change
job responsibilities, no longer need this access in their new
position, or if the employee violates university standards for use
and securing of private information such as SSNs. (See Standards
for Securing Regulated Private Data )
Requesting Access to InfoSource Data Displaying SSN
Data trustees grant and revoke access to SSNs.To request access,
complete the following steps:
The InfoSource/SSN Access Committee composed of Data
Trustees, the campus Information Security Officer, and a
representative from Enterprise Application Services, will review
the request and you will be informed of the decision to grant or
deny access by
the Data Trustee.
What is a Valid Request?
Please note that you will need to supply the legal or business
purpose for access to InfoSource data containing SSNs. Although you
may need to collect and use SSNs in your work, you may not need to
view SSNs in InfoSource data. For example, SIRI, not InfoSource, is
the database of record for HR and payroll data. In most cases,
person number can be used in lieu of Social Security Number.
The following are examples of business areas where the University is required to collect and share SSNs.
Process for Review
After receiving the completed and signed form, the Data Trustee
will review your request and notify you, your supervisor, and the
head of your area of his/her decision as soon as possible. If you
are granted access to InfoSource data containing SSNs, you will
also be sent guidelines for securing sensitive, private
information, such as SSN data. DataTrustees will have access to a
report of all employees authorized to access SSNs, and will monitor
access and conduct an annual review of the continued need for
Standards for Securing Private and Regulated Institutional
University at Buffalo has legal and ethical obligations to protect the privacy and confidentiality of private information such as the SSN and credit/debit card numbers. All those with access to protected private information such as the SSN are required to review and comply with the University.