UNIVERSITY OF PITTSBURGH POLICY 10-02-08
CATEGORY: SUPPORT SERVICES
SECTION: Computing, Information, and Data
SUBJECT: Use and Management of Social Security Numbers and University
Primary ID (“UPI”) Numbers
EFFECTIVE DATE: June 29, 2011 Revised
The University of Pittsburgh is committed to maintaining the privacy and confidentiality
of Social Security numbers (SSNs). The University is cognizant of the risk the
improper disclosure of SSNs can have on individuals who have entrusted this
information to the University, including the risk of identity theft. Therefore, it is the
University’s policy that the collection, management and display of SSNs be controlled,
and that the use of a SSN as an identification number is limited.
SSNs may only be requested in certain cases, such as when required by law or for
business purposes with certain third party providers, with appropriate disclosure of
its use. On-line and off-line systems that maintain SSN data must have adequate
security controls implemented to
protect its confidentiality and integrity.
The University Primary ID (“UPI”) number will serve as the primary identification
number for University students, faculty and staff. A UPI is assigned to all persons
affiliated with the University, and is displayed on the University’s Panther Card as
part of this ID card’s “2P”
Violations of this policy are to be reported to the University’s Privacy Officer.
This policy sets forth the framework for the University’s collection, management and
use of Social Security numbers (SSN) and is applicable to
all University units.
This policy will not apply to clinical and patient systems maintained by the University
that are required to use the SSN for billing and healthcare coordination purposes.
SSNs are considered an identifier under the Health Insurance Portability and
Accountability Act (HIPAA).
III. REQUIREMENTS FOR APPROPRIATE USE AND MANAGEMENT OF SOCIAL
1. Collection of SSNs for University records
1.1 SSNs may be collected and recorded when needed by federal or state
governmental agencies or by outside third parties mandated to collect SSN
information (example: health care providers). Other reasons for collecting
SSNs must be within the scope of this policy or approved by the University’s
1.2 University employees authorized to collect SSNs may request a SSN
during the execution of their duties if a primary means of identification, such
as the UPI number, is not known or
1.3 University employees may not collect SSNs, except for those purposes
noted below. Exceptions will require approval from the University’s Privacy
1.3.1 Enrollment: Those wishing to enroll in academic offerings at the
University - both credit and non-credit - may be required to provide a
SSN for secondary identification purposes. IRS regulations require the
University to request a SSN as a Taxpayer ID number for use in tax
reporting. In addition, any student applying for Financial Aid must
provide a SSN to the University.
If a person enrolling in a University academic offering - credit or non-
credit - cannot provide a SSN, certain services, such as transcripts,
enrollment verification, tax reporting, and financial aid may not be
available to the individual, and the University cannot guarantee a
complete academic record for the individual.
1.3.2 Immigration Law: A SSN may be collected as necessitated by
immigration law or regulations as determined by OHR International
Scholars and Faculty Visa Services or the Office of International
1.3.3 Certification Exams/Cooperative Experiences/Internships: A
SSN is required to be collected and reported for students who are
taking certification exams if mandated by the certifying agency.
Employers participating in co-ops and internships may also require
the student to
provide a SSN.
1.3.4 Employment: Any person employed by the University must provide a
SSN as the taxpayer ID number as directed by the IRS. This includes
all employees, including part-time and student employees. Providing
the SSN is a condition of employment. Applicants for employment
must also provide a SSN, if requested, for mandatory background
1.3.5 Employee Benefits: If required by a benefits provider, the SSNs of
dependents may be collected to receive service. The University may
also release an employee's
SSN to benefit providers.
1.3.6 Payment for Personal or Professional Services: Any person
providing services to the University as an independent contractor,
invited speaker (honorarium) or research subject for which payment
will be made, must provide a SSN as the taxpayer ID number per IRS
regulations. These taxpayer ID numbers will be stored in the
accounts payable system as part of the vendor
1.3.7 Planned Giving Donors: Donors participating in planned giving
programs must provide a SSN as the taxpayer ID
per IRS regulations.
1.3.8 Campus Police: Because the SSN is, and will continue to be, a
primary identifier for law enforcement and criminal justice records,
Campus Police has access to SSN information in all University
systems. Suspects and defendants will be asked for their SSN
because this is
used as a personal identifier in criminal justice
databases (e.g. FBI NCIC, criminal history records, etc.), on citation
forms, on criminal complaints, and in
local police databases.
1.3.9 Other Entities: The SSN may be released to entities outside the
University where required by federal or state law, regulation or
procedure, or if the individual
1.4 Collection of an individual's SSN may have additional privacy considerations.
These cases must be reviewed with the University’s Privacy Officer and the
Office of General Counsel
to determine appropriate handling.
2. Maintaining the Security and Privacy of SSNs
2.1 All records containing SSNs, whether on or off-line, will be considered
confidential information and should be maintained appropriately to protect
the confidentiality and integrity of
2.2 The University will take reasonable precautions to protect SSNs for all
individuals who provide it.
2.3 A SSN may not be used as a primary identifier in a University system,
including indexing systems for imaged documents, unless the University’s
Privacy Officer has approved an
2.4 If and when records including SSNs are no longer needed, disposal of the
records must follow University information retention and destruction policies
2.5 SSNs are considered to be confidential data and may not be used for
purposes of data mining.
2.6 SSNs may not be used, in part or in whole, as a user ID or password for
accessing a computer system or for generating any
type of identifier.
2.7 If a SSN must be displayed on a computer monitor, a computer printout,
a mailing, a fax, or another visible medium, all but the last four digits of the
SSN must be masked.
2.8 SSNs may not be included in e-mails either as direct text or as part of an
2.9 SSN data moved from one computer to another over a network interface
must be transferred using encryption controls to protect the integrity and
confidentiality of this information. Examples of encryption controls include
cryptorouters and the
use of the secure file transfer protocol (“sftp”). Data
transfer methods using cleartext (such as ftp) or ASCII files are inherently
insecure and should be avoided.
2.10 SSNs in their entirety or in any portion may not be used nor posted where
they can be exposed to the public, including time cards, class rosters,
grade rolls, and bulletin board
2.11 SSNs may not be used as an identifier for the collection of data for research
or academic purposes, unless the University’s Privacy Officer has approved
2.12 University units that collect, manage, and disseminate SSNs must undertake
annual audits to demonstrate that processes and controls are in place that
maintain the integrity and
confidentiality of SSN data.
3. Security Controls for Computer Systems Maintaining SSNs
3.1 University units which require the storage of SSNs within their computer
systems must have permission from the
University's Privacy Officer.
3.2 Systems storing SSNs must contain security controls that protect the
integrity and confidentiality of this information. Controls must include:
3.2.1 Authorization controls that require a user ID and password and that
restrict access to information on the system based on an individual’s
3.2.2 Network security controls, in which any system with SSNs must be
protected by a network firewall.
3.2.3 Audit controls, in which access to a system with SSNs is logged.
Failed logon attempts and other information that indicate
unauthorized attempts to access SSNs must
also be logged.
3.2.4 Security monitoring controls, in which viruses, worms, spyware,
Trojan horses, computer hackers, and other computer threats can
be detected. These controls can include anti-virus and anti-spyware
3.2.5 Physical security controls that restrict access to servers and
workstations managing SSN data, and that protect electronic storage
media (such as disks, backup tapes, and CD ROMS) that store SSN
3.3 Files that cross-reference UPI numbers to SSNs are prohibited, unless
approved by the University’s Privacy Officer.
4. SSNs Within Historic Records
4.1 SSNs may be a part of historical databases or imaged documents given its
past use as the primary identifier at the University. SSNs may not be used
as a primary identifier in a University system, including as an indexing
system for imaged
documents, unless the University’s Privacy Officer grants
permission. If permission is not granted, the indexes must be changed to
use UPI numbers or another key, or the documents must be purged from
4.2 Access to imaged or other on-line documents containing SSNs must be
limited to authorized persons and secured using authorization controls,
4.3 Local departmental databases or spreadsheets containing SSNs, which are
available through local servers or PCs, are not
4.4 If faculty or others have email or other electronic correspondence that
contains a SSN in the text, this will be considered historical information and
does not have to be converted, but must be handled as confidentially as
and purged if no longer required.
4.5 Historical records containing SSNs in off-line storage, such as paper, tape,
cartridge, fiche, microfilm or magnetic media may be maintained, but access
to these off-line records must
be limited and secure.
4.6 All records that are no longer needed must be purged, and disposal of the
records must follow University Archives and Records Management policies
5. SSNs Shared with Third Parties
5.1 SSNs may not be shared with third parties, with the exceptions of:
5.1.1 As required or permitted by law.
5.1.2 With the consent of the individual.
5.1.3 Where the third party is an agent or contractor for the University and
have demonstrated that controls are in place to prevent unauthorized
5.1.4 As approved by the University’s Privacy Officer.
5.2 SSNs shared with a third party that is an agent or contractor for the
University must have a written agreement on controls and procedures that
will be enacted and sustained to protect the confidentiality of these SSNs.
The University should hold the third party accountable for compliance with
the provisions of the written agreement through regular monitoring or
auditing. The agreement should prohibit the third party from disclosing
SSNs except as required by law, and require the third party to use adequate
administrative, physical and technical safeguards to protect the confidentiality
or record systems containing SSNs. The agreement should give
the University the right to conduct audits to independently validate that these
controls and procedures are in place and
IV. REQUIREMENTS FOR USING UNIVERSITY PRIMARY ID (“UPI”) NUMBERS
6. Use of UPI Numbers
6.1 The UPI is to be used as the primary identifier in the University’s
administrative and academic systems.
6.2 The UPI is an eleven character value beginning with “2P” and then a nine
digit number using the following format:
6.3 The UPI is unique to an individual and is a lifetime assignment used for
multiple and changing relationships with
6.4 The UPI number is assigned to an individual and is used for all affiliations
with the University.
6.5 The UPI number for an individual will not be available to the general public,
such as through the University Directory
6.6 The UPI number may only be used in email or other correspondence within
the University among appropriate University personnel and offices in
performing their assigned duties, or in email or other correspondence sent
directly to that individual. The UPI should never be part of the subject line
of an email or printed on the address label of written
6.7 Unless the full number is required (i.e. to notify an individual of his or her
UPI number), only the last four digits of the UPI should be displayed in the
text of an email
or any other correspondence.
6.8 UPI numbers will be assigned to the following groups: students, employees,
and other University affiliates.
6.8.1 Students: A UPI is issued to anyone enrolling in University academic
offerings - including credit and non-credit instruction - that are
recorded in the PeopleSoft Student System. The UPI is the identifier
or individuals within University academic systems and will be
available to appropriate University officials with a legitimate
educational need for the records. Students will be required to provide
the UPI when requested to
obtain access to services at the University.
NOTE: Under interpretations of Family Educational Rights and Privacy
Act of 1974 (FERPA) regulations, the UPI cannot be used to display a
student's scores or grades publicly. This also precludes posting
grades using only
the last four digits of the UPI.
6.8.2 Employees: All University employees, including wage payroll, are
issued a UPI at the time of employment. The UPI will be used to
identify the individual within University administrative systems.
will also be assigned UPIs under this affiliation.
6.8.3 Other Entities: There are other constituents associated with the
University who may be issued a UPI. These include, but are not
limited to, alumni, donors, and "friends of the University". The
University’s Privacy Officer will determine when a UPI may be issued
those falling into the "other entities" category.
6.9 If an individual does not have a UPI, one will be assigned. Assigning a UPI
will require certain minimum information about the individual. Those
University offices assigning UPI must notify constituents of their new UPI in
a timely manner, using
consistent methods and wording.
6.10 Efforts must be made to prevent assignment of multiple UPIs to the same
individual. If multiple UPIs have been issued to a single individual or if two
individuals are issued the same UPI, the University unit discovering the
duplicate or multiple must contact Panther Central and, after verification of
the multiple assignments, the records will be merged or separated and the
individual or individuals notified of which UPI will
be valid in the future.
6.11 If an assigned UPI has been compromised and used fraudulently, an
individual may request a new UPI number subject to the review and
approval of the University’s Privacy Officer.
7. Use of UPI Numbers on the University’s Panther Card
7.1 The UPI may be printed on the Panther Card as part of the card’s 2P
value so that individuals have a permanent record of their UPI for reference
purposes. Individuals issued Panther Cards will be expected to keep the
card secure. Panther Cards must have a brief disclosure statement on the
back of the card regarding the individual's responsibility for keeping their
Panther Card secure.
7.2 If a Panther Card must be replaced, the UPI will remain the same, but a
new 2P card number will be issued.
7.3 2P numbers should consist of the following fields:
- 11-digit UPI
- 2-digit card type (01 students, 02 faculty and staff, 03 other affiliates)
- 1-digit lost card indicator (starting with 0 and incrementing with each
new card number)
- 1-digit check digit based on a modulus 36 hash function (this check
digit is used to validate the first 14
7.4 2P numbers are to be generated using the University’s Central Directory
Service (CDS) and issued when University affiliates receive their Panther
Cards on main campus by Panther Central or when their ID cards are
received at one of the University’s
It shall be the responsibility of each University unit to meet the requirements set forth
in this policy. Violation of this policy may result in disciplinary action up to and
including termination of employment. Violation may also result in civil and criminal
based on state and federal privacy statutes.
VI. ADDITIONAL INFORMATION
For additional information about this policy, or to file a report, contact the University’s
David N. DeJong, Ph.D.
Vice Provost for Academic Planning and Resource Management
801 Cathedral of Learning
Pittsburgh, PA 15260
Web site: http://www.provost.pitt.edu/
Phone: (412) 624-4228
For information about security controls for protecting SSNs, contact the University’s
Information Security Officer.