University of Rochester

University IT » IT Policy » SSN-PII Policy


  • Do I have to look through all of my email for SSN?
    • You need to consider all of your email. If you have been following a consistent email filing practice, you may have very few places that you need to look through. For example, you may have received SSNs only in the course of performance evaluations or wage & salary programs and have filed all such email in one folder. Within those places, first look at your received and sent email that contain attachments. If any contains SSN, consider whether you can now delete the attachment or the whole email, perhaps because you can rely on another office to maintain the primary copy of the same information. Then, apply the same process to message text in those email folders that are likely to contain SSN.
  • Do I have to look through all of my paper or electronic files to find all documents or records containing SSN?
    • As with email (see above), you need to consider all of your files. Pay particular attention to collections of forms. Note that forms may have changed over the years and that older forms may have invited or required entry of SSN while newer forms may not.
  • If I receive an e-mail containing someone's SSN, does that make me a custodian?
    • If you keep that e-mail, you will be creating a data collection containing SSN that you will have to register. If you forward and delete the e-mail, make sure that you don't retain a copy in a "sent mail" folder. Printing out and deleting the e-mail won't solve your problem. If you retain someone else's SSN in any medium in any location under your control, you are creating a data collection that you must register.
  • I have paper records containing SSN that I plan to retain. Is it safer to retain them in paper or to scan them to digital form and shred the paper?
    • Each data collection kept in a different place under different security controls creates more risk of inadvertent disclosure. If your proposed conversion from paper to digital eliminates a confidential data storage location and if the digital copies will be stored in a previously existing secure storage location, then you probably will reduce the University's overall risk. Contact your IT security support team for an assessment.
  • How do I make sure that SSN is secure when I send it electronically - for example, by e-mail or file transfer?
    • First, consider whether you need to continue sending SSN at all. Every time you send SSN, you are making a copy that needs to be protected in transit and at its destination. Review with your privacy officer whether there might be a different workflow that would allow SSN to stay where it is and be viewed securely by authorized persons.
      If you must send SSN, follow these guidelines for secure communication.

      Communication across the following data networks is considered adequately secure for SSN and other Legally Restricted Information:

      1) University wired data networks
      2) University wireless data networks named UR_RC_DomainAuth, UR_RC_InternalSecure, or UR_MCwireless. Communication across all other networks, especially across the Internet outside the University, requires additional security measures, such as

      a) https - the secure communication mode for Web browsers
      b) sftp and scp - secure file transfer software
      c) Virtual Private Networking (VPN) provided by University IT and URMC ISD
      d) Secure Email Service (currently available only to URMC e-mailboxes)
      e) encrypted .zip archives

      For assistance with any of these security measures, contact the IT Center or the URMC ISD Help Desk.
  • If I want to retain a paper record that happens to contain an SSN but I don't need SSN, can I just black out the SSN and continue to retain the record without registering it?
    • Possibly. If you make the SSN unreadable and unrecoverable from that record, you do not need to register the record.
  • What is considered a sufficient method of redacting SSN in paper forms? A permanent ink marker?
    • To be certain, you might have to cut out and shred the SSN. A permanent ink marker might be sufficient. You would need to hold the form up to a light to see whether the marker has made the SSN completely unreadable. Be aware that copy machines and fax machines can highlight very subtle differences in color density, possibly revealing SSNs that have not been thoroughly blacked out or that have been blacked out with a different type of ink.
  • What do we do with old paper payroll documents, such as payroll reporting "green sheets"?
    • The departmental green or blue copies of payroll sheets, used before the PeopleSoft HRMS system, should be shredded ASAP. The Payroll and Employment Records Center has already shredded the paper originals.
  • What do we do with old W-9 forms?
    • There is no need for departments to retain W-9 forms. When W-9 forms are required, they should be completed and sent to University Finance immediately. Any W-9 copy currently held by a department should be shredded ASAP. See also the Finance policy on payments to study subjects.

Need Help

Stay Secure

Get Connected

Need Technology?

Incoming Students



Office of the Vice President for IT and CIO


Other IT Resources

About University IT

University IT Home