ECU Standard for Collection, Use, Disclosure of SSN and PII

  1. SSNs may not be used as a primary identifier in a University system, including as an indexing system for imaged documents, unless the University’s Identify Theft Protection Committee (ITPC) grants permission. If permission is not granted, the indexes must be changed to use ECU ID numbers or another key, or the documents must be purged from the system. SSNs may be a part of historical databases or imaged documents given its past use as the primary identifier at the University. The use of such historical databases must be approved by the ITPC.
  2. Once approval is received from the ITPC, access to documents containing SSNs must be limited to authorized persons and secured using authorization controls, including passwords.
  3. Records, databases, spreadsheets, etc., containing SSNs or PII shall not be stored on University or personal computers or other electronic devices if not authorized by the ITPC and secured against unauthorized access.
  4. ECU employees or agents may not ask for an SSN if it is not necessary and relevant to the purposes of the University and written approval is given by the ITPC.
  5. All requests for SSNs must be accompanied by a Disclosure Statement stating the purpose of collecting the SSN.
  6. ECU employees or agents may not disclose SSNs to unauthorized persons or entities.
  7. All disclosures of SSNs and PII shall be approved by the ITPC.
  8. Transmission of SSNs unencrypted over the internet is prohibited.
  9. Historical records containing SSNs in off-line storage, such as paper, tape, cartridge, fiche, microfilm or magnetic media may be maintained, but access to these off-line records must be limited and secure.
  10. All records that are no longer needed must be purged, and disposal of the records must follow University deletion policies and procedures.
  11. ECU employees and agents shall promptly report to their supervisors and the Pirate Techs Service Deak - 252-328-9866 | 800-340-7081 any inappropriate disclosure of SSNs.
  12. ECU employees and agents who collect, manage, and disseminate SSNs must undertake annual audits to demonstrate adequate processes and controls are in place that maintain the integrity and confidentiality of the data.
  13. The ECU ID has replaced the SSN as the primary unique identifier for the University.
  14. The ECU ID is a nine character value beginning with “B” and then an eight digit number using the following format: BXXXXXXXX.
  15. The ECU ID number for an individual will not be available to the general public, such as through the University Directory Search.
Print Article


Article ID: 67422
Fri 11/8/19 3:44 PM
Fri 2/23/24 12:37 PM
Service Owner
Information Security