university systems, including self-service applications and departmentally
administered systems. Our objectives are to:
1. Eliminate the collection of the SSN except where required by law.
2. Eliminate the use of SSN in data systems, including display pages and reports.
3. Require the use of an exemption request when using or storing the SSN.
4. Increase awareness about the concern for privacy and the risk of identity theft
related to the disclosure of the SSN.
The University is required to collect the SSN for a variety of legally mandated
activities (e.g., income tax reporting, federally supported financial aid). All such
cases, including existing systems, must be documented, reviewed, and approved by
the Assistant Vice Chancellor of Information Technology or designee.
One Request Per Application
An exemption request must be made for each application that you own, run, and/or
utilize if that application uses SSNs. The application may be specific to the function
of your office. It may be a "shadow system" with an associated data base and/or
data files. It may be a test version of an application. Or it may be a Word document
or Excel Spreadsheet. (State law prohibits the use of employee SSNs to identify
employees except for those uses required for tax and benefit purposes.)
New Applications Require New Requests
An exemption request must be made for any new application that will utilize SSN.
The exemption request should be submitted before the purchase of the application.
At test version of an application will require its own exemption request.
Automatic Exemptions
Employees with accounts for accessing SAP/HR and SIS do no need to request
exemptions for SAP/HR or SIS access. If you extract SSNs from SAP/HR and/or SIS
and store those SSNs on electronic devices, such as your desktop, network storage,
flash drive, or other mobile device, you must submit an exemption request.