FAQ

Does this regulation eliminate the use of SSN on the campus?

No. Although the university has minimized the use of Social Security Numbers (SSNs) to the greatest degree possible, there are still instances in which SSNs will be required, such as in financial aid forms and employment forms. When this is the case, the request for SSN form must be submitted to the ITPC accompanied by a disclosure statement explaining how the SSN will be used.

How do I delete SSN data stored on CD-ROM or DVD-ROM disks?

The disk must be destroyed, whether in a disk shredder or by breaking the disk into small pieces. Scratching the surface of the disk does not destroy the data stored on the disk.

How do I delete SSN data stored on removable media (e.g., floppy disk, Zip disk, tape)?

There are two removal options:

1) You must use an approved data deletion program to delete the SSN data by overwriting it with random characters at least 7 times.

2) The media must be cut into small pieces. Contact the IT Help Desk at http://help.ecu.edu or 328-9866 for assistance.

How do I dispose of data containing SSN stored on a computer?

Using the DELETE button on your computer does not really delete data from your hard drive. You must use an approved data deletion program to delete the data by overwriting it with random characters at least 7 times (Department of Defense standard for secure data deletion). If the computer is destined for surplus using established university procedures, this procedure is already performed on all hard drives before they are surplused.

How do I dispose of information with SSN data stored on paper copies?

Follow the university’s record retention policy prior to disposal. If copies no longer need to be stored, use a crosscut shredder or a certified shredding service.

How do I encrypt SSN data that I store or transmit?

It is imperative that you are authorized to store or transmit SSN. If you have not received approval for the use, collection, storage of disclosure of SSN, please email INTEGRITYCOMPLIANCE@ecu.edu for information. If you have been approved by the ITPC, contact the IT Help Desk at http://help.ecu.edu or 328-9866 if you have questions on encryption.

How do I know if I have electronic data that contain SSN?

Do you have old student course rosters, I9 forms, timesheets, performance evaluations or other personnel documents? Much of the data containing SSN or other PII may no longer be used, but still resides on your computer. Conduct an assessment of your data to determine if it is still required (follow records management guidelines). If data is no longer required, delete such data. Submit the Information Risk Management Assistance service request to request assistance on determining if you have data that contains SSNs.

How do I request to use, collect, store or disclose SSN?

If you have a legitimate business need to collect, use, store or disclose SSN, send an email request to INTEGRITYCOMPLIANCE@ecu.edu and a representative will contact you concerning your request.

There are SSNs on documents that we currently store. What should we do with such documents?

Older documents and files still exist which include SSNs. It is not practical to remove the SSNs from these documents, so follow safeguards such as 1) Paper copies must be kept locked and inaccessible to unauthorized users, 2) Electronic copies must be moved to secure storage and/or encrypted. If you have a question concerning this, please contact the ITPC.

We have collaborators in our department. Since they aren’t employees, are they covered by this regulation?

Yes, since they may be performing some of the same duties as employees, they are subject to the same policies and regulations.

What is the Identity Theft Protection Committee (ITPC)?

During the 2005 legislative session, the General Assembly enacted the North Carolina Identity Theft Protection Act. This act imposes restrictions upon the collection and segregation of Social Security Numbers (SSN) and upon the disclosure and security of SSNs and other personal identifying information (PII). ECU established the Identity Theft Protection Committee (ITPC) to oversee compliance with respect to the collection, segregation, disclosure and security of SSNs and PII and the development of related policies/regulations.

What is the regulation on SSN and PII?

It is a university regulation that SSNs and PII may only be collected, used and disclosed by ECU and its employees and agents as permitted by applicable law and university regulation and only in furtherance of legitimate university business. It sanctions the ITPC and governs its review and approval of the use of SSNs and PII for the university.

What is the standard on SSN and PII?

It is a university standard that provides specific actions that ECU employees and its agents should take with regard to the collection, use, and disclosure of SSNs and PII. To review ITCS’s standard on SSN and PII, visit ECU Standard for Collection, Use, Disclosure of SSN and PII.

Who do I ask for advice on deleting data securely?

Contact the Pirate Techs Service Desk at http://help.ecu.edu or 328-9866.