U Pennsylvania Drafts Policy to Minimize Use of SSNs
- By Paul McCloskey
- 06/07/07
The University of Pennsylvania has drafted a policy designed to minimize the use of Social Security numbers at the school after deciding the numbers constitute "sensitive data that can be abused by identity thieves to commit fraud."
The draft policy said, "This abuse can cause privacy harm to Penn constituents and can create compliance and reputational risks to Penn itself."
The policy asks staff, faculty, and university contractors to inventory their online and offline Social Security numbers and take steps to tackle the problem, including:
1. Eliminate the data altogether;
2. Convert it to the school's numerical ID system, PennID;
3. Truncate the data to display only the last four digits; and
4. When the complete SSN is necessary, ensure strict security controls to protect the full data.
In a statement, Penn Vice President of Information Systems and Computing Robin Beck invited the public to comment on the policy by June 21.
"Penn has been committed to a multi-year effort to minimize the use of SSN and there are now additional tools that enable faculty and staff to identify where Social Security numbers reside on their systems and to securely delete, convert, or truncate such information," she wrote.
"This draft policy has been created in recognition of the risks that Social Security Numbers present, as well as the opportunities to reduce the availability of such data at Penn."
About the Author
Paul McCloskey is contributing editor of Syllabus.