Protecting Student Identity Principles of Good Practice University System of Georgia



Similar documents
LANDER UNIVERSITY STUDENT INFORMATION SECURITY AND PRIVACY PROCEDURE

Information Security Operational Procedures

HKU SPACE Community College Instructions for Using Online Course/Class Matching Programme Semester 1, 2015/16

Course Data Application User Guide (CDA) Release 2.1 January 2014

College Operating Procedures (COP)

What is FERPA? This act is enforced by the Family Policy Compliance Office, U.S. Department of Educational, Washington, D.C.

Information Systems Security Policy

How To Protect Data At Northeast Alabama Community College

Casey State Bank Online Banking Agreement and Disclosure

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention

Mid-Willamette Education Consortium. College Credit Now. Student Handbook

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Office 365 Data Processing Agreement with Model Clauses

Contact: Henry Torres, (870)

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

Information Security Operational Procedures Banner Student Information System Security Policy

New! LACCD Student 2013

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

MCOLES Information and Tracking Network. Security Policy. Version 2.0

Using YSU Password Self-Service

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

WELCOME TO EASTERN IOWA COMMUNITY COLLEGE

Information Security Policy

Table of Contents. Miami University Page 2

Nursing Home Facility Implementation Overview

CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES

Banner Self Service for students

Online Bill Pay Guide

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Faculty & Advisor Banner Self-Service Guide V2.0

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

Elizabeth City State University Banner Security System

Online Banking Enrollment Guide

Verified Volunteers. A division of SterlingBackcheck. Privacy Policy. Last Updated: November 5, 2014

User Accounts and Password Standard and Procedure

Applying to the College. Frequently Asked Questions.

my.redlandscc PORTAL Accessing student , online courses, and your student records.

Information Security Policy

Prairie State Bank & Trust ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES

Ferris State University

School Building Leader (SBL) or School Building Leader/School District Leader (SDL) Certification Application Instructions for Graduate Candidates*

Texas A&M International University Identity Theft Prevention Program

California State University, Sacramento INFORMATION SECURITY PROGRAM

First Federal Bank Online Banking Terms and Conditions Agreement Online Banking Service Business Online Banking Service Bill Payment Mobile Banking

Financial Aid for Graduate/Transfer Students. Presented by the Office of Student Financial Aid

Central Oregon Community College. Identity Theft Prevention Program

Alphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices

Georgia Immunization Registry (GRITS)

Enhanced Login Security Frequently Asked Questions

PII Personally Identifiable Information Training and Fraud Prevention

LANGSTON UNIVERSITY STUDENT QUICK GUIDE FROM THE REGISTRAR S OFFICE

Student Administration and Scheduling System

Information Security Policy

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

WHEREAS the Federal Trade Commission regulations include utility companies in the definition of creditor;

University of Tennessee's Identity Theft Prevention Program

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements

PREPLY PRIVACY POLICY

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

NMSU Procedural Guidelines (Policy Security Cameras on University Premises)

Covered California. Terms and Conditions of Use

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Home Trust & Savings Bank

Address Update Web Application. User Manual. Defense Manpower Data Center Department of Defense

Dual Enrollment / Accelerated High School Program Admission Application Instructions

Initial Teacher Certification Application Instructions for Undergraduate Adolescence Candidates *

Security First Bank Consumer Online Banking Information Sheet, Access Agreement and Disclosures

Data Security and Privacy: How Do We Cope?

STUDENT GUIDE QUAKER CONSORTIUM RECIPROCAL PROGRAM UNIVERSITY OF PENNSYLVANIA. College of Liberal & Professional Studies Academic Year:

Two Factor Authentication. Software Version (SV) 1.0

CITIZENS DEPOSIT BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

Identity Theft and Data Protection

Intra-Georgia Registration Sharing System (INGRESS) 2012 NASCIO Recognition Award Nomination

DSU Identity Theft Prevention Policy No. DSU

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

DISTANCE AND CORRESPONDENCE EDUCATION

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

M&T BANK CANADIAN PRIVACY POLICY

1. Click on Faculty & Staff link on the top left side of the home page screen.

COMPUTER USE POLICY. 1.0 Purpose and Summary

Information Systems Access Policy

Business Merchant Capture Agreement. A. General Terms and Conditions

MIDDLESEX SAVINGS BANK ONLINE BANKING AGREEMENT

Valdosta Technical College. Information Security Plan

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Using AR Student Health Insurance

Measuring IT Staff Time at Georgia State University

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

Online Banking Guide

Have approval from a high school counselor or principal with a signed dual credit permission form.

HORATIO STATE BANK ONLINE BANKING AGREEMENT AND DISCLOSURE

Prairie State Bank & Trust ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES

Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support

identity TheFT PREVENTION Programs and Response

Information Security Program Management Standard

TESOL / Bilingual Education Admissions Policy and Application Packet 2014

Transcription:

Protecting Student Identity Principles of Good Practice University System of Georgia August 2002

Protecting Student Identity Principles of Good Practice University System of Georgia August 2002 Currently all 34 institutions, under Board of Regents policies and procedures, use the social security number as the primary student identification number. Beginning Summer 2003, institutions are encouraged to implement the necessary business practices and procedures to replace the use of the social security number as the primary student identification number. USG institutions will be expected to continue requesting and maintaining the social security number as part of the student record. It is anticipated all USG institutions will complete the transition by 2005. Create Policies and Procedures for Collection, Use and Disclosure of Student ID Numbers and Social Security Numbers Institutions should have clearly defined policies and procedures on the generation and maintenance of student identification numbers and the collection and use of the Social Security Number. These policies should be developed within the governance structure of the institution and should be included in student, faculty and employee handbooks. The federal law prohibits institutions from requiring students to provide their social security number; however, the law does not prevent or discourage institutions from requesting and maintaining the social security number as part of the student record. Institutions are encouraged to clearly document why the social security number is being requested, how and when the number will be used, and to whom it can be disclosed. A statement should be printed on the admission application and in the student handbook. Sample Statement: Federal law recognizes the student social security number as personally identifiable information. However, the law allows the University System of Georgia to request and use this information according to federal and state guidelines. While you are not generally required to provide your social security number, you are encouraged to do so. Your social security number is required when you apply for financial aid, for educational tax benefits, and employment and it may be required for other purposes. This information may be disclosed only under certain circumstances, including the following: to other institutional officials; to representatives of state and local educational authorities; in connection with financial aid; for research purposes to improve instruction:

to collection agents in connection with university-related business; pursuant to an order from a court of law; other circumstances as required by state or federal law. Inventory on Collection and Use of Social Security Numbers Institutions should inventory record systems, both paper and electronic, to determine how ID numbers and social security numbers are collected, maintained and used on campus. Institutions should plan to eliminate unnecessary or duplicate requests for social security numbers. Questions to consider: What offices collect social security numbers? Why? Where are social security numbers stored? o In a paper file? - Who has access to the file? o In electronic format? Is it in an institutional database? Is it in a stand-alone database on an individual(s) computer? Is it secure? Which office(s) have been designated as responsible for maintaining the social security number? Are there written policies regulating personnel access to social security numbers? Are there written policies regulating changes to social security numbers? Institutions should know which individuals, by name and position, have access to secure information such as social security numbers and student IDs. Security of Student Identification Numbers and Social Security Numbers Institutions should have written policies on access to student records and information and develop a practice for training faculty, staff and administrators on maintaining confidentiality and FERPA. These policies should be included in the student, faculty and staff handbooks. It is recommended that faculty, staff and administrators be required to complete training before they are issued access to the institution s electronic student, financial and human resource systems. Institutions are also encouraged to inform students of issues of identity theft and provide training on the use and dissemination of their student ID to others, including discouraging students from using their social security number as personal access codes or pin numbers.

The security of records maintained electronically is particularly challenging, and institutions are encouraged to provide faculty, staff, and students with guidelines for accessing personal information electronically. Access to personally identifiable information, such as social security numbers, IDs, etc., should be protected through the use of unique logins and personal passwords or PIN numbers. Employees and students should be reminded to log off before leaving a computer terminal unattended. Maintenance of Social Security Numbers It is essential that institutions establish procedures that enable validation of the true identity of students, faculty and staff. It is recommended that this validation process include guidelines for collection, storage, access, maintenance and disposal of documents containing confidential information. Institutions should define how changes or corrections to social security numbers and IDs will occur, who is authorized to make the changes and how and where this information will be recorded. Institutions should, under no circumstance, record and store dummy numbers as social security numbers. In cases where the social security number is not available the institutions should document, as necessary, that this information is not available. To verify the accuracy of the social security number, institutions should request official documentation. Asking for a copy of the social security card along with other identification is recommended, and institutions should establish a process for recording who verified the authenticity and what documents were used. Institutions should follow federal and state guidelines for the storage and disposal of paper documents that contain social security numbers, IDs, or other confidential information. Using and Maintaining Social Security Numbers and ID numbers in the University System of Georgia. The System recognizes that institutions must establish strict information protection and disclosure policies to protect the privacy of students; however, it is equally important that the System have access to reliable student data. As a System, it is important that institutions follow the USG recommended standard practices for reporting social security numbers and unique identification numbers. Institutions should implement practices that will ensure student confidential information is appropriately assigned to the correct student and that the information is linked together for tracking purposes.

Starting Summer 2003, the University System Office will expect institutions to report specific data elements the System Office can use to identify and track students across the System. These data elements include: Unique Student PIDM this is a sequence number assigned by Banner or the institution s student record system Student Identification Number as assigned by the institution Previous Student Identification Number as changed during the term Student Name current term Student Name Change any name change reported during the term Social Security Number change any number change reported during the term Best Practices for Using and Maintaining Social Security Numbers and Student Identifiers in the SCT Banner Student Information System. Student Identification Banner uses the SPRIDEN_ID field in the Person Identification Table (SPRIDEN) as the primary mechanism for identification in the student system. The field is limited to 9 characters in length, but can range in size from 1 to 9 alphanumeric characters, including special symbols. Institutions are encouraged to develop an institutional schema for assigning a unique student identification number in this field. There is no University System standard for creating a unique ID, and, therefore, institutions can use any combination of numbers, letters or symbols. However, it is important to note that some third-party systems the institution uses (one-card systems, etc.), or might employ in the future, might not be capable of handling a non-numeric character in an ID field. Institutions should also consider that if the first character of the ID is fixed (generated); some Banner forms will not allow manual entry of a fixed character. When converting the current ID (possibly social security number) to a unique ID, it is recommended the Banner change ID process be followed so that the SSN becomes a previous ID and is retained in the SPRIDEN table as a changed ID. This will enable authorized individuals to search for a student using the current or previous ID as stored in the Person Identification Table with the appropriate change indicator. Students can log on to Banner via the web using a current or previous ID. System policy requires that institutions maintain social security numbers in the social security number field in the General Person table (SPAPERS); however, it is recommended that institutions consider also maintaining the social security number in the Identification Number field with a change ID indicator. Authorized individuals should be instructed to conduct a query on the database prior to creating a new record. It is recommended that users do multiple queries using multiple

fields (ID, SSN, date of birth, address, etc.) to verify the existence of an individual in the database. Once an institution converts to using a unique student identification number, the social security number should never be used to create a new person identification record. Social Security Numbers Banner uses the SPBPERS_SSN field in the General Person Table (SPBPERS) as the location for maintaining the official social security number. The field is limited to 9 characters in length. Since social security number is one of the major fields used to track student migration across the System, institutions should ensure that only official social security numbers are entered in the social security number field. Institutions are prohibited from entering dummy social security numbers in this field. For many years it was standard practice across the System for institutions to assign dummy student ID numbers if students did not have a social security number; therefore, institutions are responsible for removing invalid numbers if they plan to populate SPBPERS_SSN with numbers from the SPRIDEN_ID field. SCT plans to add repeating table functionality to the General Person Table in September 2002. Institutions are encouraged to adopt the same procedure used for changing IDs to record changes made to social security numbers. Also in September 2002, SCT will be releasing search functionality that will enable institutions to restrict user access to view social security numbers. Institutions are encouraged to utilize this functionality in their overall plan for protecting access to confidential information. PIDMS Regardless of the value in the student ID (SPRIDEN_ID) or social security number (SPBPERS_SSN) fields, every student is assigned a PIDM, which is a sequential numeric value generated internally within Banner itself, to identify a student relationally within the institution s Banner student record system. The PIDM is not visible to the end-user, but it is a data field that will be required for System reporting. The PIDM, social security number and student ID together will be used in System reporting to verify the uniqueness of students enrolled in USG institutions. Use of Social Security Numbers and Unique Identification in Reporting

Institutions must recognize that Banner processes vary in the use of the social security number and student ID, so it is important that practices are in place to ensure that students are accurately identified in both institutional and System reporting. Student Transcripts. Institutions will be expected to continue to use the social security number on student transcripts distributed within the System. The System Office will assume responsibility for providing institutions with a Georgia Modification that will enable institutions to print the social security number on the USG student transcript. The unique identification number as assigned by the home institutions will continue to appear on the non-usg transcript. Other Processes. Institutions are responsible for establishing institutional procedures for reporting confidential information. Institutions should be aware that processes that use the Student Identification Number use the current number and do not review change indicators for selecting ID. Below is a list of processes and tables that should be reviewed to ensure that student social security numbers and student identification numbers are reported accurately and as intended. National Student Loan Clearinghouse. This process uses data from General Person Base table social security number field. (ZFRNSLC/SFRNSLC) Tax Reform. This process allows the user to specify a hierarchy of where to look for the social security number. RCPMTCH for Financial Aid. This process allows user to select the match process. Faculty access via Banner Web. Institutions should consider how faculty and staff will access student information via the web. Tax Information for 1098-T. This process uses the SPBPERS_SSN field only. Crystal Reports. Institutions are encouraged to thoroughly examine all of their institutional reporting processes prior to converting to a unique student identifier. Voyager Library Extraction (ZORVLIB) External Systems Changing from using the social security number to a unique student identifier will have impact on other internal and external systems. Institutions are responsible for identifying, planning, interfacing and converting data as necessary for institutional use. System Requirements for Discontinuing the Use of the Social Security Number as the Student Identifier. In an effort to avoid a disruption of service to students and System reporting requirements, institutions should develop a plan for converting and implementing the new student identification system. Institutions are not required to convert by Summer 2003; however the earliest an institution should implement the change is Summer 2003.

Institutions will be expected to have completed the transition from using the social security number as the student ID by 2005. Starting Summer 2003, System reporting will require as part of the student data collection process that institutions report: Unique Student PIDM as assigned by Banner or the institution Student Identification Number as assigned by the institution Previous Student Identification Number as changed during the term Student Name current term Student Name Change any name change reported during the term Social Security Number change any number change reported during the term Institutions will be responsible for communicating with the System Office and sister institutions across the state their timetable for migrating to a unique student identifier.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information