Effective Date: September 10, 2007
The University's policy is to protect Social Security Number (SSN) or equivalent data from unauthorized or unnecessary disclosure.
Reason(s) for the Policy
Federal and state statues require handling SSNs in the most confidential manner. The distinctiveness of the SSN as an individual identifier makes it increasingly vulnerable to exploitation. Identity theft and the compromise of personal information are a growing concern for many institutions. The purposes of this policy are to:
Primary Policy to Which This Policy Responds
This policy responds to all applicable federal and state statutes pertaining to use of Social Security Numbers. These statutes include, but are not limited to, the New York State Law, the New York State Information Security Breach and Notification Act, the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Gramm-Leach-Bliley Act (GLBA).
Responsible University Officer and Office
Compliance Responsibility: Office of the General Counsel
Policy Maintenance and Technical Support: Columbia University Information Technology (CUIT) and Security Office
This policy is established in June 2007 (Initial Draft).
Who is Governed by This Policy
This policy applies to all individuals who access, use, or control information technology and/or non-electronic records containing SSN information. The individuals covered include, but are not limited to, faculty, staff, students, and those working on behalf of the University.
Who Should Know This Policy
All individuals listed above, particularly the custodians of SSN data.
Exclusions & Special Situations