U Pennsylvania Drafts Policy to Minimize Use of SSNs

The University of Pennsylvania has drafted a policy designed to minimize the use of Social Security numbers at the school after deciding the numbers constitute "sensitive data that can be abused by identity thieves to commit fraud."

The draft policy said, "This abuse can cause privacy harm to Penn constituents and can create compliance and reputational risks to Penn itself."

The policy asks staff, faculty, and university contractors to inventory their online and offline Social Security numbers and take steps to tackle the problem, including:

1. Eliminate the data altogether;
2. Convert it to the school's numerical ID system, PennID;
3. Truncate the data to display only the last four digits; and
4. When the complete SSN is necessary, ensure strict security controls to protect the full data.

In a statement, Penn Vice President of Information Systems and Computing Robin Beck invited the public to comment to the policy by June 21.

"Penn has been committed to a multi-year effort to minimize the use of SSN  and there are now additional tools  that enable faculty and staff to identify where Social Security numbers reside on their systems and to securely delete, convert, or truncate such information," she wrote.

"This draft policy has been created in recognition of the risks that Social Security Numbers present, as well the opportunities to reduce the availability of such data at Penn."

Read More:

About the Author

Paul McCloskey is contributing editor of Syllabus.

comments powered by Disqus

Campus Technology News

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.