|
|
SSN Use Policy FAQ
|
Case Western Reserve University
Social Security Number Use Policy
Frequently Asked Questions (FAQ)
Version 1.4
Last Revision Date: October 15, 2009
Approval Date: October 15, 2009
Approval Authority: ITSPAC
What
if I'm using my
personally purchased computer? Does this policy still apply?
Yes, the policy
applies when you are transmitting or storing any Case
information. This policy applies to all information technology
resources used to conduct University business, and/or to manage
sensitive University information.
What
am I supposed
to do with old files with SSN?
If you are not
specifically authorized to retain SSN based data in your
position or role at the university, you should take appropriate steps
to securely shred the old files. If they are part of needed data,
such as in a spreadsheet or a PDF form, you must redact the SSN data
from the files.
Does
my Case ID
Badge have my SSN on it?
All Case personnel
are encouraged to visit Case Access Services to
ensure their ID Badge is re-encoded with their employee ID. All
new ID Badges issued since 2007 by default do not have the SSN on the
magnetic stripe.
What
if I receive an
email message with somebody's SSN in it?
The university
requires SSNs (and names together) that are not in
centrally managed systems to be protected with Tier
III Controls,
which include encryption while stored on a hard drive
or during communications. You should remove/delete such
unencrypted email messages and securely wipe the file from your
computer.
Is
a fax a secure
means of sending forms SSN?
Fax machines at
Case are not specifically designed to send secure
faxes, and thus you should consider the fax process to similar to
email. Faxes used to utilize analog telephone lines, but now use
network systems, and often get routed at email message attachments.
|
|
