SSN Use Policy FAQ

Version 1.4
Last Revision Date:  October 15, 2009
Approval Date: October 15, 2009
Approval Authority:  ITSPAC

Yes, the policy applies when you are transmitting or storing any Case Western Reserve University information.  This policy applies to all information technology resources used to conduct University business, and/or to manage sensitive University information.

If you are not specifically authorized to retain SSN based data in your position or role at the university, you should take appropriate steps to securely shred the old files.  If they are part of needed data, such as in a spreadsheet or a PDF form, you must redact the SSN data from the files. 

All CWRU personnel are encouraged to visit Access Services to ensure their ID Badge is re-encoded with their employee ID.  All new ID Badges issued since 2007 by default do not have the SSN on the magnetic stripe.

The university requires SSNs (and names together) that are not in centrally managed systems to be protected with Tier III Controls, which include encryption while stored on a hard drive or during communications.  You should remove/delete such unencrypted email messages and securely wipe the file from your computer.

Fax machines at CWRU are not specifically designed to send secure faxes, and thus you should consider the fax process to similar to email.  Faxes used to utilize analog telephone lines, but now use network systems, and often get routed at email message attachments.