IT-2001 Use of Social Security Numbers
Effective Date Jan 1, 2018
Use of Social Security Numbers
In support of Florida Institute of Technology’s obligations regarding federal and state laws, and in order to help protect Florida Institute of Technology from potential cases of identity theft, the university has created the following policy regarding the use of Social Security Numbers (SSNs) within the university and sub-entities.
This policy applies to all systems, and all faculty and staff at all locations managed by Florida Institute of Technology including FIT Aviation and University College sites.
- Social Security Numbers are prohibited from being used as a primary identifier for any member of Florida Institute of Technology, past or present. This includes faculty, staff, students, alumni, and vendors.
- Social Security Numbers must not be electronically stored by any individual except for those individuals and departments that have a requirement to do so for governmental and organizational purposes.
- Social Security Numbers must not be stored in any file, document, or database located on a personal computer, thumb drive, or CD/DVD media.
- Social Security Numbers must not be stored on any server except those servers designated by the assistant vice president for information technology as being secure storage locations for this information.
- If vendors are granted access to Social Security Numbers, they may only use the Social Security Numbers for the purposes originally granted by Florida Institute of Technology. Vendors may only be granted access to Social Security Numbers if approved by the university senior administration (president, provost and vice presidents/provosts), and if the vendor agrees to protect the information the same way as Florida Institute of Technology.
- The university senior administration (president, provost and vice presidents/provosts) has sole authorization and is the only determinant as to the departments and individuals with a need to access and store Social Security Numbers. This authority may be delegated by the senior administration as they deem appropriate.
Violators of this policy will be subject to disciplinary action based on the severity of the offense and impact to the university, up to and including termination of employment.
Effective Date: May 31, 2009