Campus Use of Social Security Numbers
The use, display and security of social security number in information systems is an ongoing national concern. Identity theft is on the rise, and one of the keys to stealing someone’s identity is access to their social security number.
We are addressing the larger issue of social security numbers to minimize our reliance on ssn throughout all of our IT systems and business processes across campus. Listed below are some of the projects we have completed to address this issue.
- Transition from SSN to TCNJID in our mainframe student applications.
- Removal of SSN from the Gold Club card. This included changing the underlying database and re-issuing id cards for all faculty, staff and students.
- Removal of SSN from the account lookup web page. Users can now provide either their student TCNJID, employee id, or their Get It Card#.
- Eliminating the use of SSN to process travel request and expense reports
- Eliminating the use of SSN by Student Services staff.
- The College has sent security addendums to any contractors that have access to personal or business information. These addendums notify the vendors of our concern about security and the standards that they are legally bound to follow by nature of their access to this data.
- Eliminating the use of SSN in various forms, reports and business processes around campus.
- Departments are reviewing historical data and destroying records that include SSN that are no longer needed.
New Jersey has passed legislation that limits the use of social security numbers. The NJ Identity Theft Prevention Act restricts organizations from:
- Posting SSN or any 4 or more consecutive numbers
- Printing SSN on mailed materials, unless required by law
- Printing SSN on any card required to access products/services
- Intentionally communicating SSN or making SSN available to the public
- Requiring transmittal of SSN over the internet, unless the connection is secure or the SSN is encrypted
- Requiring SSN to access an internet web site, unless a password (or other) is also required to access
All departments should be in compliance with this new regulation. If you have any questions, please contact the Helpdesk (x2660) or at email@example.com who will be able to route your question to the appropriate person.