Social Security Number (SSN) Data Security Framework
The University of Washington routinely collects Social Security Numbers (SSNs) in support of several federal requirements such as W-2 tax forms and student educational tax credit reporting. SSNs are considered confidential data according to the UW Administrative Policy Statement (APS) 2.10, UW Minimum Data Security Standard. Unauthorized release of SSN (and other personally-identifiable information) by the UW exposes individuals to identity theft and fraud, and brings financial and reputational harm to the UW.
Everyone who is accountable for the management or use of SSN data must also become familiar with other university-wide and departmental policies and procedures related to records management and security, which are published separately. In this website, we will discuss Policies, Training, and Frequently Asked Questions (FAQs) in relation to the protection of SSN data.
The University of Washington is committed to protecting the privacy and confidentiality of personal information related to students, faculty, staff, and other individuals associated with the University. The University recognizes the risk and impact that the improper disclosure of SSNs can have on individuals who have entrusted this information to the organization.
SSN Initiative Project
The Social Security Number (SSN) Data Security Initiative Project was established to respond to the University’s need to protect this confidential data element. The project was formulated under the F2 executive sponsorship of V’Ella Warren, Senior Vice President, Sponsors of Ann Anderson, Associate Vice President and Controller, Kirk Bailey, Chief Information Security Officer and Sara Gomez, Associate Vice Provost for UW-IT. Additionally, a Steering Committee and CORE Working Team was identified along with specific Sub-Teams.
SSN Sub-Team and Key Deliverables
Institutional Practices Sub-Team:
• Improve, finalize, and support created Policies and Standards
• Implement and Roll-out a University-wide Business need definition(s)
• Create Best Practices
• Develop website to support Social Security Number Initiative
Systems / Technology Sub-Team:
• Identify and review the uses of SSNs on servers and Application Portfolio level
• Define what is meant by a ‘high risk server’ and evaluate the security of these identified servers
• Explore options to ensure that the data is as ‘secure’ with the goal of ‘end-user’ education (provide Best Practices)
Education and Awareness Sub-Team:
• Develop a comprehensive Education, Awareness and Training plan which will address the overall objectives and goals
• Establish next steps for security breach communication plans and policy process