Social Security Number Use and Solicitation
Policy on Solicitation, Maintenance, and Use of Social Security Numbers
These guidelines are established by The University of Texas at El Paso (UTEP) for the proper solicitation and use of Social Security Numbers (SSNs) as reasonably necessary in carrying out its responsibilities and conducting its daily business and academic activities that support its mission. These guidelines apply to all individuals, including students, employees, and external constituents.
The University shall not request, maintain or utilize individual Social Security Numbers for identification purposes except as required or permitted by Federal or state law. UTEP shall comply with the requirements of all federal and state statutes governing solicitation, maintenance, and use of SSNs, including UT165-UT System Information Resources Use and Security Policy, which can be viewed at http://www.utsystem.edu/policy/policies/uts165.pdf. SSNs shall not be used as the primary identifier for basic campus services, unless required by statute.
Solicitation of SSNs and Notice Requirements
UTEP may request and solicit an individual's SSN in order to conduct its daily business and meet federal or state statutes. Any individual requested by UTEP to disclose their SSN shall be notified: 1) that disclosure of their SSN is mandatory to comply with federal or state statutes, 2) how the SSN will be used by UTEP, and 3) the statute or legal authority under which the SSN is being requested.
To comply with notice requirements, notices regarding mandatory disclosure of SSNs shall be placed directly on forms requesting SSNs from individuals or placed within an office in a prominent location reasonably visible by individuals disclosing their SSNs. Notices may be attached to current forms stock, if necessary, until the stock is reprinted and replenished.
The following sample notice may be used to notify individuals when disclosure of their SSNs is mandatory and requested by UTEP to meet state or federal statutes:
| || |
Disclosure of your social security number (SSN) is requested by the (office/department) at the University of Texas at El Paso (UTEP) to comply with federal and or state statutes. Disclosure of your SSN is required for UTEP to (report/calculate/track) (type of information) to the (federal/state agency) as required by (statute) . Further disclosure of your social security number will be governed by the Public Information Act (Chapter 552 of the Texas Government Code) and University policies. Under Section 559.003 of the Texas Government Code you are entitled, with few exceptions, to request and review information UTEP collects about you and to have any incorrect information about you corrected.
For assistance in developing SSN disclosure notifications, contact the Information Security Office at (915) 747-6324, or via email at firstname.lastname@example.org.
Assignment of Unique Identification Numbers
A unique UTEP ID number has been assigned to all students and employees at the earliest possible point of contact between the individual and the University. The UTEP ID number will be used to identify, track, and service students and employees during the course of official university business.
Disclosure of SSNs Not Mandated by Law or Statute
UTEP departments shall not require the disclosure of a SSN by an individual if it is not required to comply with state or federal statutes. Alternate means for tracking or identifying individuals should be established. UTEP ID numbers should be requested to provide services to students, faculty and staff. For external parties, alternate means for tracking or identifying individuals shall be established. For assistance please contact the Information Security Office at (915) 747-6324.
Refusal by Individuals to Disclose SSNs
Except in those instances UTEP is legally required to collect SSNs, individuals refusing to disclose their SSNs should not be denied access to services.
Protection of SSNs and UTEP ID Numbers (80/88)
All SSNs obtained or maintained by UTEP shall remain confidential. Any use or disclosure of SSNs by UTEP for purposes other than those stated when the SSNs were solicited is prohibited without the written consent of the SSN holder.
Under no circumstances should SSNs or UTEP ID Numbers (80/88) be publicly posted, disclosed to the public, or shared with non-regulatory entities or individuals not directly involved in the department's daily business activities. Student grades or employee timecards may not be publicly posted or displayed with SSNs/UTEP ID Numbers or any portion of the SSN/UTEP ID Number that may directly or indirectly identify the individual.
SSNs will not be printed on UTEP Miner Gold ID card issued to students and staff. SSNs shall not be printed on a card or other device intended to provide access to a service or product.
SSNs will be protected to the extent provided by law. Employees should make certain they have completed the Public Access Option Form to elect whether to allow public access to their SSN and other personal data. This form is available at Human Resource Services in the Administration Building.
Mailings of documents containing SSNs shall ensure that the SSN are protected, including non-exposure of SSNs through window envelopes.
Electronic Transmission and Use of SSNs
All requests for and transmittal of SSNs by UTEP electronically (internet, phone, and e-mail) shall be made over secured media and/or encryption. Any electronic or computer transmittal of files containing SSNs shall be secured with password, encryption, or other secured means.
Storage of Documents Containing SSNs
Paper, computerized, or electronic documents or files containing SSNs shall be protected at all times using physical and technical safeguards. Computer or electronic files containing SSNs shall not be stored or reside on equipment or systems that are not protected against unauthorized access. Physical files containing SSNs shall be secured and made available only to authorized staff.
Disposal of Documents Containing SSNs
Provided State retention requirements have been met, paper and electronic documents or files containing SSNs will be disposed of in a secure fashion, such as shredding. Computer files containing SSNs residing on disks, tapes, or hard drives shall be appropriately destroyed.
Employees Using SSNs
All departments shall limit access to records containing social security numbers to only those employees who need to see the number for the performance of the employee's job responsibilities. All employees with access to SSNs are required to protect the confidentiality of these numbers, or be subject to appropriate disciplinary action.
Disclosure to Outside Parties
SSNs may not be shared with outside parties unless required or permitted by law or consented to in writing by the individual. Disclosure to external parties is permitted provided they are an agent or contractor for the institution whom has agreed in writing to protect the confidentiality of SSNs.
Reporting SSN Compliance
Employees shall promptly report inappropriate disclosure or use of SSNs to their supervisors, who shall report the disclosure to the Information Security Office at (915) 747-6324 or email@example.com.