University of Wisconsin System Board of Regents policy directs that UW System institutions shall collect and use social security numbers only as permitted or required by federal or state law, and only as reasonably necessary for the proper administration or accomplishment of the institutions' business, governmental and educational purposes; and limit the access to and the display of records containing social security numbers (SSNs). Therefore, access to SSN's and birth dates on the UW-Platteville campus will be tightly controlled, rarely granted and carefully monitored.
Employee requests for social security number and birth date view access to the PeopleSoft Student Administration (PSSA) System must be approved by the immediate supervisor and the appropriate senior level administrator (Chancellor, Vice Chancellor, Assistant Chancellor, or Associate Vice Chancellor). Employees requesting SSN and birth date view access must already have administrative access and must undergo additional annual training to obtain and renew this additional access.
As outlined in UW-Platteville's Information Security Program the safeguarding of University information systems and data shall be the responsibility of each faculty, staff or student with knowledge of the system or data.
Specific responsibilities for employees are as follows: “Faculty, staff, and student employees are responsible for the protection, privacy, and control of all University data they access or create, regardless of the data storage medium. All employees must ensure that the data and data media are maintained and disposed of in a secure manner. All employees are responsible for understanding the meaning and purpose of the data to which they have access, and may use this data only to support the normal functions of the employees' administrative and academic duties. All employees are responsible for all transactions occurring under his/her NetID and/or password. Passwords and NetID's may not be shared with anyone under any circumstances unless the Associate Vice Chancellor for Information Services in consultation with the University Legal Counsel approves an exception.”
The Family Educational Rights and Privacy Act (FERPA) requires that universities have written permission from an adult student in order to release any information from the student's education record. The courts have stated that Social Security numbers fall within this provision. However, FERPA allows universities to disclose those records, without consent, to “school officials with legitimate educational interest”.
Departments assume the responsibility to maintain a secure environment for any confidential data. All removable or transportable media (e.g., paper forms, reports, CDs, USB drives, laptops, etc.) containing confidential data must be secured when not in use and should not be taken off-campus for any reason. This may involve establishing security access procedures to computerized files, keeping laptops, disks or printouts in locked cabinets, periodically updating passwords and assuring that workstations are properly signed-off when not in use.