Social Security Number Usage Policy
The University has a responsibility to protect the identity of its faculty, staff and students, as well as all individuals with whom it has an association including alumni, donors, research subjects, patrons of UNL entertainment, athletic facilities and libraries, potential students, and affiliates. Since an individual's Social Security Number (SSN) is one of the most critical data items used to establish an identity, the University needs to take extra precautions to safeguard SSNs from unauthorized use.
The University of Nebraska-Lincoln shall not use Social Security Numbers to identify students, employees, or other information providers, outside of those identification uses specifically required by law, such as financial aid, payroll and benefit functions.
Effective January 1, 2007, Social Security Numbers (SSNs) - including any portion of the full nine digits-shall not be electronically collected, transmitted, or stored via University-sponsored services or using University-owned computing equipment, information systems or networks unless specifically authorized in writing by officials designated by the Chancellor. Individuals or departments that collect, transmit or store SSNs will take steps necessary to secure this data using best practices identified by the Chief Information Officer.
Failure to comply with this policy after January 1, 2007 may result in disciplinary actions taken by the University.
Harvey Perlman
Chancellor, University of Nebraska-Lincoln
June 23, 2006
Social Security Numbers (SSNs)..shall not be electronically collected, transmitted, or stored...unless specifically authorized in writing by officials designated by the Chancellor. Harvey Perlman Chancellor, UNL
What is Personally Identifiable Information (PII)?
Personally Identifiable Information, as defined by:
Nebraska Legislative Statute 87-802
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006
- Personal information means either of the following:
- A Nebraska resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:
- Social security number;
- Motor vehicle operator's license number or state identification card number;
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident's financial account;
- Unique electronic identification number or routing code, in combination with any required security code, access code, or password; or
- Unique biometric data, such as a fingerprint, voice print, or retina or iris image, or other unique physical representation; or
- A user name or email address, in combination with a password or security question and answer, that would permit access to an online account.
- A Nebraska resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:
Personal information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records; and
- Redact means to alter or truncate data such that no more than the last four digits of a social security number, motor vehicle operator's license number, state identification card number, or account number is accessible as part of the personal information.
Personal Identity
Information Inventory Tool
To obtain a PII inventory exception form, please contact the ITS security team