Information Computing and Technology Services

Frequently Asked Questions

What is the Identity Theft Protection Committee (ITPC)?

What is the regulation on SSN and PII?

What is the standard on SSN and PII?

Will the new regulation eliminate the use of SSN on the campus?

There are SSNs on documents that we currently store. What should we do with such documents?

How do I know if I have electronic data that contain SSN?

How do I or my department request to use, collect, store or disclose SSN?

Do we have to have all new forms printed using ECU ID instead of SSN? We can't afford that.

We have collaborators in our department. Since they aren't employees, are they covered by this regulation?

How do I dispose of information with SSN data stored on paper copies?

How do I dispose of data containing SSN stored on a computer?

How do I delete SSN data stored on CD-ROM or DVD-ROM disks? 

How do I delete SSN data stored on removable media (e.g., floppy disk, Zip disk, tape)? 

Who do I ask for advice on deleting data securely?

How do I encrypt SSN data that I store or transmit?




What is the Identity Theft Protection Committee (ITPC)?

During the 2005 legislative session, the General Assembly enacted the North Carolina Identity Theft Protection Act. This act imposes restrictions upon the collection and segregation of Social Security Numbers (SSN) and upon the disclosure and security of SSNs and other personal identifying information (PII). ECU established the Identity Theft Protection Committee (ITPC) to oversee compliance with respect to the collection, segregation, disclosure and security of SSNs and PII and the development of related policies/regulations. Click here for ITPC members.

What is the regulation on SSN and PII?

It is a university regulation that SSNs and PII may only be collected, used and disclosed by ECU and its employees and agents as permitted by applicable law and university regulation and only in furtherance of legitimate university business. It sanctions the ITPC and governs its review and approval of the use of SSNs and PII for the university.

What is the standard on SSN and PII?

It is a university standard that provides specific actions that ECU employees and its agents should take with regard to the collection, use, and disclosure of SSNs and PII. Please visit www.ecu.edu/ssnresource to review the SSN and PII Standard.

Does this regulation eliminate the use of SSN on the campus?

No. Although the university has minimized the use of Social Security Numbers (SSNs) to the greatest degree possible, there are still instances in which SSNs will be required, such as in financial aid forms and employment forms. When this is the case, the request for SSN form must be submitted to the ITPC accompanied by a disclosure statement explaining how the SSN will be used.

There are SSNs on documents that we currently store. What should we do with such documents?

Older documents and files still exist which include SSNs. It is not practical to remove the SSNs from these documents, so follow safeguards such as 1) Paper copies must be kept locked and inaccessible to unauthorized users, 2) Electronic copies must be moved to secure storage and/or encrypted. If you have a question concerning this, please contact the ITPC.

How do I know if I have electronic data that contain SSN?

Do you have old student course rosters, I9 forms, timesheets, performance evaluations or other personnel documents? Much of the data containing SSN or other PII may no longer be used, but still resides on your computer. Conduct an assessment of your data to determine if it is still required (follow records management guidelines). If data is no longer required, delete such data. Submit a service request to the university IT Help Desk to request assistance on determining if you have data that contains SSNs.

How do I request to use, collect, store or disclose SSN?

If you have a legitimate business need to collect, use, store or disclose SSN, send an email request to ITPC@ecu.edu and a representative will contact you concerning your request.

Are we allowed to use up old forms that still ask for the SSN?

Yes, but changes should be implemented when existing supplies of forms are exhausted. If you no longer request SSN but ECU ID, you must write-in ECU ID where SSN is printed. If you have received approval by the ITPC  to use, collect, store and disclose SSNs, please attach the disclosure notice that appears under the forms section of the www.ecu.edu/ssnresource web page. You also must ensure that you physically secure any forms with SSNs on them.

We have collaborators in our department. Since they aren't employees, are they covered by this regulation?

Yes, since they may be performing some of the same duties as employees, they are subject to the same policies and regulations.

How do I dispose of information with SSN data stored on paper copies?

Follow the university’s record retention policy prior to disposal. If copies no longer need to be stored, use a crosscut shredder or a certified shredding service.

How do I dispose of data containing SSN stored on a computer?

Using the DELETE button on your computer does not really delete data from your hard drive. You must use an approved data deletion program to delete the data by overwriting it with random characters at least 7 times (Department of Defense standard for secure data deletion). If the computer is destined for surplus using established university procedures, this procedure is already performed on all hard drives before they are surplused.

How do I delete SSN data stored on CD-ROM or DVD-ROM disks? 

The disk must be destroyed, whether in a disk shredder or by breaking the disk into small pieces. Scratching the surface of the disk does not destroy the data stored on the disk.

How do I delete SSN data stored on removable media (e.g., floppy disk, Zip disk, tape)? 

There are two removal options:

1) You must use an approved data deletion program to delete the SSN data by overwriting it with random characters at least 7 times.

2) The media must be cut into small pieces. Contact the IT Help Desk at http://help.ecu.edu or 328-9866 for assistance.

Who do I ask for advice on deleting data securely?

Contact the IT Help Desk at http://help.ecu.edu or 328-9866.

How do I encrypt SSN data that I store or transmit?

It is imperative that you are authorized to store or transmit SSN. If you have not received approval for the use, collection, storage of disclosure of SSN, please email ITPC@ecu.edu for information. If you have been approved by the ITPC, contact the IT Help Desk at http://help.ecu.edu or 328-9866 if you have questions on encryption.

Need Help?