SSN Use Policy FAQ
Frequently Asked Questions (FAQ)
Last Revision Date: October 15, 2009
Approval Date: October 15, 2009
Approval Authority: ITSPAC
What if I'm using my personally purchased computer? Does this policy still apply?
Yes, the policy applies when you are transmitting or storing any Case information. This policy applies to all information technology resources used to conduct University business, and/or to manage sensitive University information.
What am I supposed to do with old files with SSN?
If you are not specifically authorized to retain SSN based data in your position or role at the university, you should take appropriate steps to securely shred the old files. If they are part of needed data, such as in a spreadsheet or a PDF form, you must redact the SSN data from the files.
Does my Case ID Badge have my SSN on it?
All Case personnel are encouraged to visit Case Access Services to ensure their ID Badge is re-encoded with their employee ID. All new ID Badges issued since 2007 by default do not have the SSN on the magnetic stripe.
What if I receive an email message with somebody's SSN in it?
The university requires SSNs (and names together) that are not in centrally managed systems to be protected with Tier III Controls, which include encryption while stored on a hard drive or during communications. You should remove/delete such unencrypted email messages and securely wipe the file from your computer.
Is a fax a secure means of sending forms SSN?
Fax machines at Case are not specifically designed to send secure faxes, and thus you should consider the fax process to similar to email. Faxes used to utilize analog telephone lines, but now use network systems, and often get routed at email message attachments.