ECU Standard for Collection, Use, Disclosure of SSN and PII

  1. SSNs may not be used as a primary identifier in a University system, including as an indexing system for imaged documents, unless the University’s Identity Theft Protection Committee (ITPC) grants permission. If permission is not granted, the indexes must be changed to use ECU ID numbers or another key, or the documents must be purged from the system. SSNs may be a part of historical databases or imaged documents given the SSN’s past use as the primary identifier at the University. The use of such historical databases must be approved by the ITPC.
     
  2. Once approval is received from the ITPC, access to documents containing SSNs must be limited to authorized persons and secured using authorization controls, including passwords.
     
  3. Records, databases, spreadsheets, etc., containing SSNs or PII shall not be stored on University or personal computers or other electronic devices unless authorized by the ITPC and secured against unauthorized access.
     
  4. ECU employees or agents may not ask for an SSN unless it is necessary and relevant to the purposes of the University and written approval is given by the ITPC.
     
  5. All requests for SSNs must be accompanied by a Disclosure Statement stating the purpose of collecting the SSN.
     
  6. ECU employees or agents may not disclose SSNs to unauthorized persons or entities.
     
  7. All disclosures of SSNs and PII shall be approved by the ITPC.
     
  8. Transmission of SSNs unencrypted over the internet is prohibited.
     
  9. Historical records containing SSNs in off-line storage, such as paper, tape, cartridge, fiche, microfilm, or magnetic media, may be maintained, but access to these off-line records must be limited and secure.
     
  10. All records that are no longer needed must be purged, and disposal of the records must follow University deletion policies and procedures.
     
  11. ECU employees and agents shall promptly report any inappropriate disclosure of SSNs to their supervisors and the Pirate Techs Service Desk (252-328-9866 | 800-340-7081).
     
  12. ECU employees and agents who collect, manage, and disseminate SSNs must undertake annual audits to demonstrate adequate processes and controls are in place that maintain the integrity and confidentiality of the data.
     
  13. The ECU ID has replaced the SSN as the primary unique identifier for the University.
     
  14. The ECU ID is a nine-character value beginning with “B” followed by an eight-digit number, in the following format: BXXXXXXXX.
     
  15. The ECU ID number for an individual will not be available to the general public, such as through the University Directory Search.

Details

Article ID: 67422
Created: Fri 11/8/19 3:44 PM
Modified: Fri 2/23/24 12:37 PM
Service Owner: Information Security