Policy Manual

3.9 Social Security Privacy Act

Purpose

To establish standards by which Social Security Numbers will be managed to achieve accuracy, privacy and legal compliance and to ensure the security of one’s identity.

Scope

All employees of the College.

Policy

As required by the Michigan Social Security Number Privacy Act, Public Act 454 of 2004, MCL 445.81 et seq., Rochester University has implemented a privacy policy concerning the Social Security numbers that it possesses or obtains.

Rochester University obtains social security numbers from individuals for valid business purposes only, and ensures to the extent practicable the confidentiality of social security numbers in its possession. In order to properly secure and protect employee social security number/identification information, the College holds all employees and third party providers that use or have access to any employee’s social security number and information to the highest degree of confidentiality. Rochester University keeps all documents and records containing social security numbers and information in a secure environment with need to know access by authorized personnel only. When necessary, documents containing this information and other confidential information are properly destroyed through shredding or other means before disposal. Social security numbers will be collected only where required by federal and state law or as otherwise permitted by federal and state law for legitimate reasons consistent with the Privacy Policy.

Legitimate reasons for collecting a social security number include, but are not limited to:

  • Applicants may be required to provide a social security number for purposes of a pre-employment background check
  • Copies of social security cards may be obtained for purposes of verifying employee eligibility for employment
  • Social security numbers may be obtained from employees for tax reporting purposes and new hire reporting
  • For purposes of enrollment in any College employee benefit plans
  • On scholarship and loan applications
  • For credit accounts and credit records

Social security numbers will not be:

  • Publicly displayed
  • Used as the primary identifier for an individual, except where existing College records or record systems require such use
  • Visibly printed on identification cards or badges

Where all or more than four sequential digits of a social security number are contained within a document subject to release under the Freedom of Information Act, the social security number shall be redacted or otherwise rendered unreadable before the document or copy of a document is disclosed.

Only authorized personnel may access records and documents both internal and external that contains employee social security number and identification information. Any employee or individual who accesses social security data without authorization or for illegal purposes will be disciplined up to and including discharge. If illegal intent is determined employees will be referred to authorities for possible criminal prosecution.

What this means for students

Rochester University is committed to protecting the privacy of its students, staff, faculty and alumni, as well as other individuals associated with it. Be informed that the disclosure of your SSN is generally voluntary, except for services relating to employment and student loans. SSNs collected by the College may be used: (1) to identify such applications for admission, registration-related documents, grade reports, transcript and certification requests, medical immunization records, student financial records, financial aid records, and permanent academic records; (2) to determine eligibility, certify school attendance, and report student status; (3) to identify and track grants, loans, and other financial aid programs; and (4) to identify and track employment. The SSN will not be disclosed to individuals or agencies outside the College except in accordance with College policy and applicable law. Federal law requires the College to collect a SSN in order to:

  • provide student employment; and to
  • provide financial aid.

In addition, providing the SSN insures:

  • timely processing of admission applications;
  • integrity of student records;
  • timely responses to requests for information after graduation; and
  • the reception of appropriate tax credits for tuition (under the Taxpayers’ Relief Act of 1997)

Students with questions about the SSN policy should feel free to contact the Human Resources Department.

What this means for Faculty

The Family Educational Rights to Privacy Act (FERPA) permits faculty to have access to a student’s Social Security number. A student’s Social Security number is part of his or her academic record. Social Security numbers, however, are highly confidential and are afforded legal protections beyond those detailed in the FERPA regulations. The following guidelines highlight specific aspects of the College policy and FERPA relating to Social Security numbers of particular interest to faculty members.

  • Social Security numbers, or any portion thereof, should never be posted.
  • Grade or class rosters with Social Security numbers should be disposed of in a secure manner, e.g., shredder or confidential recycling bin.
  • Social Security numbers should not be made available to individuals or organizations outside of the College.
  • Social Security numbers should only be exchanged between individuals within the College when absolutely necessary and no alternatives exist.
  • Social Security numbers should not be used as part of an electronic authentication system (i.e., used as either a login or password).

Faculty with questions about the SSN policy should feel free to contact the Human Resources Department.

What this means for Staff

The Family Educational Rights to Privacy Act (FERPA) permits staff to have access to a student’s Social Security number. College employees who need access to SSNs will continue to have that access. The College policy, however, requires active participation from these staff members. These employees should:

  • question whether SSNs are truly required for a given procedure or practice;
  • insure that printed documents containing SSNs are destroyed in a secure manner (e.g., shredder, confidential recycling bins); and
  • explain, when requesting the SSN, 1) whether submission is mandatory or voluntary; 2) by what authority the number is solicited; and 3) what uses will be made of it.

Staff with questions about the SSN policy should feel free to contact the Human Resources Department.