Information Resources Use and Security Policy
10. Reduction of Use and Collection of Social Security Numbers
10.1. The university recognizes the special risks associated with the collection, use, and disclosure of social security numbers. Accordingly, the requirements of this section apply to all social security numbers contained in any medium, including paper records, that are collected, maintained, used, or disclosed by the university.
10.1.1. The university shall discontinue the use of social security numbers as an individual's primary identification number unless required or permitted by law. The social security number may be stored as a confidential attribute associated with an individual.
10.1.2. If the collection and use of social security numbers is permitted, but not required, by applicable law, the university shall use and collect social security numbers only as reasonably necessary for the proper administration or accomplishment of their respective business, governmental, educational and medical purposes, including, but not limited to:
10.1.2.1. As a means of identifying an individual for whom a unique identification number is not known;
10.1.2.2. For internal verification or administrative purposes; and
10.1.2.3. Use for verification or administrative purposes by a third party or agent conducting business on behalf of the university, where the third party or agent has contracted to comply with the safeguards described in Section 11 of this Policy.
10.1.3. Except in those instances in which the university is legally required to collect a social security number, an individual shall not be required to disclose his or her social security number and shall not be denied access to the services at issue based on such a refusal. An individual, however, may volunteer his or her social security number. Any request by the university that an individual provide his or her social security number for verification of the individual's identity where the social security number has already been disclosed does not constitute a disclosure for the purposes of this Policy. Examples of federal and state laws that require the collection or use of social security numbers are included in Appendices 2 and 3. Questions about whether a particular use is required by law should be directed to the Information Security Officer (via security@utexas.edu) who will consult with the Office of Legal Affairs and/or the UT System Office of General Counsel with respect to the interpretation of law.
10.1.4. The university reserves the right to designate only selected offices and/or positions as authorized to request that an individual disclose his or her social security number.
10.1.5. The university shall assign a unique identifier (for example, the UT EID) for each applicant, student, employee, insured dependent, research subject, patient, alumnus, donor, contractor, and other individuals, as applicable, at the earliest possible point of contact between the individual and the university.
10.1.6. The unique identifier shall be used in all electronic and paper Information Systems to identify, track, and serve these individuals. The unique identifier shall:
10.1.6.1. Be a component of a system that provides a mechanism for the public identification of individuals;
10.1.6.2. Be permanent and unique within the university as applicable and remain the property of, and subject to the rules of, the university; and
10.1.6.3. Not be derived from the social security number of the individual; or in the alternative, if the unique identifier is derived from the social security number, it must be computationally infeasible to ascertain the social security number from the corresponding unique number.
10.1.7. All services and Information Systems should rely on the identification services provided by the university's unique identifier system.
10.2. The university shall inform individuals when it collects social security numbers.
10.2.1. Each time the university requests that an individual initially disclose his or her social security number, it shall provide the notice required by Section 7 of the Federal Privacy Act of 1974 (5 U.S.C. sec. 552a), which requires that the individual be informed whether the disclosure is mandatory or voluntary, by what statutory or other authority the number is solicited, and what uses will be made of it. A subsequent request for production of a social security number for verification purposes does not require the provision of another notice.
10.2.1.1. The notice shall use the applicable text from Appendix 4 of this Policy or such other text as may be approved by the Information Security Officer who will consult with the Office of Legal Affairs and/or the UT System Office of General Counsel with respect to the interpretation of law.
10.2.1.2. It is preferable that the notice be given in writing, but if at times it will be given orally, procedures shall be implemented to assure and document that the notice is properly and consistently given.
10.2.1.3. Existing stocks of forms need not be reprinted with the disclosure notice; the notice may be appended to the form. Future forms and reprints of existing stock must include the notice printed on the form.
10.2.2. In addition to the notice required by the Federal Privacy Act, when the social security number is collected by means of a form completed and filed by the individual, whether the form is printed or electronic, the notice as required by Section 559.003 of the Texas Government Code must also be provided. That section requires that the university state on the paper form or prominently post on the Internet site in connection with the form that: with few exceptions, the individual is entitled on request to be informed about the information that is collected about the individual; under Sections 552.021 and 552.023 of the Texas Government Code, the individual is entitled to receive and review the information; and under Section 559.004 of the Texas Government Code, the individual is entitled to have the incorrect information about the individual corrected.
10.3. Employees may not seek out or use social security numbers relating to others for their own interest or advantage.
10.4. The university must reduce the public display of social security numbers.
10.4.1. Grades may not be publicly posted or displayed in a manner in which all or any portion of either the social security number or the unique identifier identifies the individual associated with the information.
10.4.2. The social security number may not be displayed on documents that can be widely seen by the general public (such as time cards, rosters, and bulletin board postings) unless required by law. This section does not prohibit the inclusion of the social security number on transcripts or on materials for federal or state data reporting requirements.
10.4.3. If the university sends materials containing social security numbers through the mail, it shall take reasonable steps to place the social security number on the document so as not to reveal the number in the envelope window.
10.4.4. The university shall prohibit employees from sending social security numbers over a network unless the connection is encrypted end-to-end or the social security number is encrypted or otherwise secured. The university shall require employees sending social security numbers by fax to take appropriate measures to protect the confidentiality of the fax (such measures include confirming with the recipient that the recipient is monitoring the fax machine).
10.4.5. The university shall not print or cause the individual's social security number to be printed on a card or other device required to access a product or service provided by or through the university.
10.5. All Information Systems acquired or developed after January 30, 2004 must comply with the following:
10.5.1. The Information System must use the social security number only as a data element or alternate key to a database and not as a primary key to a database;
10.5.2. The Information System must not display social security numbers visually (such as on monitors, printed forms, system outputs) unless required or permitted by law or permitted by this Policy;
10.5.3. Name and directory systems must be capable of being indexed or keyed on the unique identifier, once it is assigned, and not on the social security number; and
10.5.4. For those databases that require social security numbers, the databases may automatically cross-reference between social security numbers and other information through the use of conversion tables with the Information System or other technical mechanisms.