Content | Navigation |

Social Security Numbers Procedures for Storage and Removal

These procedures were developed to evaluate and assess the privacy and protection of Social Security Numbers (SSNs) stored in documents held by the University divisions stored on NDSU owned electronic devices and in hard copy format. It is expected that each employee or authorized user with access to SSN data comply with the following procedures.

  1. Finding/locating Records with SSNs - Review all online and paper forms, documents and databases to determine if SSN information is being collected and stored. If a numeric identifier is required, determine if the SSN may be replaced with the emplID.
    1. Electronically Stored Information

      1. All computers and external media such as hard drives, USB sticks, and other like media will be scanned and searched for documents containing SSNs. NDSU recommends Operation_Find_Lite, a small application to use for this purpose.

    2. Hard Copy Information
      1. Review all forms and applications for occurrences of SSNs.
      2. Determine where completed forms containing SSNs are stored.
  2. Removing SSNs from Current and Archived Records - It is required that non-essential collection and use of SSNs be discontinued, and that previously collected SSN data be removed from electronic and paper documents. 
    1. Electronically Stored Information
      1. If SSN information is in a word processing file, spread sheet, or database, it must be removed from the document. This can be done by deleting the SSNs and re-saving the document.
      2. If the document is in PDF format and Adobe software is not available, print the document and use a permanent marker to black out the confidential information. Scan and re-save the document. Delete the original document containing the confidential information as per Section 3 of these procedures.

    2. Hard Copy Information

      1. Modify forms that no longer require SSNs by removing the field from the form. Destroy any unused forms.
      2. Remove the SSNs from completed forms; use a permanent marker to block out the confidential information. Ensure the imprint of the information can't be read through the blocked portion.

  3. Destruction of Records with SSNs
      1. Electronically Stored Information

        1. Delete/purge the documents if they meet criteria as defined for removal through NDSU Policy 713 Records Management.
        2. Purge the documents from the computer's trash folder.

      2. Hard Copy Information

        1. If the documents meet criteria for destruction as defined through NDSU Policy 713 Records Management, they must be shredded or disposed of by using a secure receptacle for confidential documents or disposed of through a licensed and bonded vendor.

  4. Securing Records with SSNs
      1. Electronically Stored Information
        1. For electronic documents where the SSN is required, the electronic storage and transfer of media must be encrypted. If working with electronic documents in a public area such as a reception office, ensure the computer screen is not viewable to the public by use of a privacy screen installed on the computer's monitor.
        2. All NDSU owned computers must meet standards established by NDSU Policy 158 Acceptable Use for Electronic Communication Devices. At the minimum the computer must be/have:
          1. Accessible only by an NDSU assigned login and password.
          2. Current with updates and service packs for the operating system and all software and applications installed on the machine.
          3. Anti-virus software and a firewall installed and enabled.
          4. All applications, software, and services installed on the computer must be approved by NDSU IT, unless otherwise authorized by the NDSU VP for Information Technology.

      2. Hard Copy Documents

        1. Documents containing SSNs must be stored in locked file cabinets and located in an area not accessible by the public.The file cabinets must be accessible to those who have a need to know. The keys to the cabinets must be properly managed and assigned accordingly.
        2. When working with documents containing SSNs, ensure the documents are protected from those who do not have a need to know. Keep them in a file drawer when not working with them. Return them to the locked file cabinet when they are not being used or when leaving the desk or office.
        3. Documents containing SSNs must not be removed from NDSU property.

  5. Verification of Compliance

    1. After review of electronic and hard copy documents, and all instances of SSNs not required have been removed, complete,sign, and submit the "Audit Compliance Form."
    2. All occurrences of required SSNs in electronic and/or paper format must be reported using the "Social Security Numbers Exception Request form." 
    3. The division's VP will verify to Audit and Advisory Services by May 15, 2011, and annually thereafter that files and documents containing SSNs are protected according to best practices. In addition, the division's VP will verify documents containing SSNs have been destroyed using best practices.

      1. Annual Notification

        1. Audit and Advisory Services will send out annual notices informing divisions when verification of compliance is due.

Click here to go back to the main page.

Click on any of the links below to continue to a different page.

Social Security Numbers Standards and Guidelines (PDF version)

Social Security Numbers Procedures for Storage and Removal

Social Security Numbers Procedures for Storage and Removal (PDF version)

Associated Laws and Policies

SSN Operation_Find_Lite Software

Frequently Asked Questions

Contact Information

Student Focused. Land Grant. Research University.

Follow NDSU
  • Facebook
  • Twitter
  • RSS
  • Google Maps

North Dakota State University
Phone: +1 (701) 231-8411 / Fax: (701) 231-6194
Campus address: Old Main 11
Physical/delivery address: 1340 Administration Ave., Fargo, ND 58102
Mailing address: NDSU Dept. 3000 / PO Box 6050 / Fargo, ND 58108-6050
Page manager: Vice President for Finance and Administration

Last Updated: Tuesday, April 19, 2016 9:59:31 AM
Privacy Statement