During the 2005 legislative session, the General Assembly enacted the North Carolina Identity Theft Protection Act. This act imposes restrictions upon the collection and segregation of Social Security Numbers (SSN) and upon the disclosure and security of SSNs and other personal identifying information (PII). ECU established the Identity Theft Protection Committee (ITPC) to oversee compliance with respect to the collection, segregation, disclosure and security of SSNs and PII and the development of related policies/regulations. Click here for ITPC members.
It is a university regulation that SSNs and PII may only be collected, used and disclosed by ECU and its employees and agents as permitted by applicable law and university regulation and only in furtherance of legitimate university business. It sanctions the ITPC and governs its review and approval of the use of SSNs and PII for the university.
It is a university standard that provides specific actions that ECU employees and its agents should take with regard to the collection, use, and disclosure of SSNs and PII. Please visit www.ecu.edu/ssnresource to review the SSN and PII Standard.
No. Although the university has minimized the use of Social Security Numbers (SSNs) to the greatest degree possible, there are still instances in which SSNs will be required, such as in financial aid forms and employment forms. When this is the case, the request for SSN form must be submitted to the ITPC accompanied by a disclosure statement explaining how the SSN will be used.
There are SSNs on documents that we currently store. What should we do with such documents?
Older documents and files still exist which include SSNs. It is not practical to remove the SSNs from these documents, so follow safeguards such as 1) Paper copies must be kept locked and inaccessible to unauthorized users, 2) Electronic copies must be moved to secure storage and/or encrypted. If you have a question concerning this, please contact the ITPC.
Do you have old student course rosters, I9 forms, timesheets, performance evaluations or other personnel documents? Much of the data containing SSN or other PII may no longer be used, but still resides on your computer. Conduct an assessment of your data to determine if it is still required (follow records management guidelines). If data is no longer required, delete such data. Submit a service request to the university IT Help Desk to request assistance on determining if you have data that contains SSNs.
If you have a legitimate business need to collect, use, store or disclose SSN, send an email request to ITPC@ecu.edu and a representative will contact you concerning your request.
Yes, but changes should be implemented when existing supplies of forms are exhausted. If you no longer request SSN but ECU ID, you must write-in ECU ID where SSN is printed. If you have received approval by the ITPC to use, collect, store and disclose SSNs, please attach the disclosure notice that appears under the forms section of the www.ecu.edu/ssnresource web page. You also must ensure that you physically secure any forms with SSNs on them.
Yes, since they may be performing some of the same duties as employees, they are subject to the same policies and regulations.
Follow the university’s record retention policy prior to disposal. If copies no longer need to be stored, use a crosscut shredder or a certified shredding service.
Using the DELETE button on your computer does not really delete data from your hard drive. You must use an approved data deletion program to delete the data by overwriting it with random characters at least 7 times (Department of Defense standard for secure data deletion). If the computer is destined for surplus using established university procedures, this procedure is already performed on all hard drives before they are surplused.
The disk must be destroyed, whether in a disk shredder or by breaking the disk into small pieces. Scratching the surface of the disk does not destroy the data stored on the disk.
There are two removal options:
1) You must use an approved data deletion program to delete the SSN data by overwriting it with random characters at least 7 times.
2) The media must be cut into small pieces. Contact the IT Help Desk at http://help.ecu.edu or 328-9866 for assistance.
Contact the IT Help Desk at http://help.ecu.edu or 328-9866.
It is imperative that you are authorized to store or transmit SSN. If you have not received approval for the use, collection, storage of disclosure of SSN, please email ITPC@ecu.edu for information. If you have been approved by the ITPC, contact the IT Help Desk at http://help.ecu.edu or 328-9866 if you have questions on encryption.