Planning an SSN Compliance Campaign

Click here for a printable version of this checklist.

Present, or invite a privacy officer to present, the SSN-PII policy and related Data Classification and Record Retention policies at meetings of:
- department administrators
- department managers
- department faculty
- department staff
Announce the availability of secure paper disposal methods
- shredders
- locked toters
Include SSN-PII disposal in periodic Clean & Go Green days in the department

Personnel files (including I-9s) in individual offices and in the department office
Department-developed forms that currently or have previously required SSN
Finance files, e.g. salary administration, older cum salary reports
Research files (especially W-9s) in individual offices and in the department office
Student records
HRMS reports or extracts or screen-prints
Contracts with outside parties who are maintaining a data collection for the department
Infection case report forms
Unemployment insurance forms
Faculty file cards and roster databases
Archival (dead) storage on-site or at outside location, such as Iron Mountain
Department-developed applications and databases (a.k.a. shadow systems)
Saved email, both received and sent
"Home" directories and department or project file directories on file servers
Backup tapes from departmental systems
Microfiche, CDs, DVDs, flash ("thumb") drives, external disk drives
Ask long-serving employees about past departmental practices that included SSN

Review the Record Retention policy and dispose of obsolete records (http://www.rochester.edu/adminfinance/records.html)
Where possible, remove SSN from records that will be retained
Consolidate storage of SSN records, for example, in the department office or a central file server
Change department workflow so that copies of SSN are rarely needed
- Remove SSN from circulating paper files, such as student applications and patient records
- Minimize emailing or faxing records containing SSN
- Minimize extracting records containing SSN from central databases and information systems
- Minimize including fields on paper forms that invite the submitter to provide SSN
- Minimize including fields on Web sites that invite the submitter to provide SSN

Move records containing SSN to a file server in the University Data Center and access them there
Encrypt records containing SSN that must be outside the University Data Center. This includes records on Departmental servers:

At the end of the work day, these records containing SSN should be stored in a locked cabinet in a locked room

If the record is stored on a file server in the University Data Center, you may just delete the SSN or the record
If the record is encrypted, you may just delete the SSN or the record
If the record is stored on write-once media, such as CD-R, you must destroy the media
Otherwise you must overwrite the record or destroy the media

Shred
Securely transfer to an approved secure waste disposal company, for example, via a locked toter for paper disposal

If you still possess a data collection containing SSN, or you are responsible for determining who is permitted to access a data collection containing SSN, register the collection with a Privacy Officer (SSNRegistry@rochester.edu) of the University.