Introduction: University departments must act
Importance of protecting SSNs and other PNPI
Guidelines for protecting PNPI
PNPI software tools
For more information
Encrypt Sensitive Data
UD's Gramm-Leach-Bliley Act Information Security
OnGuardOnline.gov: "Tips from the federal
government and the technology industry"
Questions or comments
Copyright © 2005-2008, University of Delaware
Last updated: 2/8/08
Federal laws and regulations govern the safeguarding of personal,
non-public information (PNPI), such as Social Security Numbers (SSNs).
all require those who collect PNPI to follow strict guidelines. Protecting
information is important because of identity theft.
- Family Educational Rights and Privacy Act (FERPA) [educational records],
- Gramm-Leach-Bliley Act (GLBA) [financial institution and customer
- Health Insurance Portability and Accountability Act (HIPAA) [health
At the University of Delaware, all departments must reduce their reliance
on SSNs, using alternative forms of identifying students, clients, employees,
and faculty whenever possible. Further, all University departments should
follow good practices in safeguarding all personal non-public information
(PNPI). Examples of PNPI include, but are not limited to:
- Credit card or bank account numbers
- Medical or educational records
- Other sensitive, confidential or protected data (e.g., grades used
in context with personally identifiable information such as name,
address, or other easily traceable identifiers).
Every employee of every University department must work to help the
University meet the requirements imposed by FERPA, GLBA, HIPAA and other
laws to protect the privacy of personal information in our care.
The first step is for each department to re-examine its use of
and storage practices regarding all PNPI, including SSNs. Departments
should review their processes for using PNPI annually:
- "Why are we acquiring SSNs?"
- "How are we storing any SSNs we do acquire?"
- "How are we protecting the SSNs that we acquire?"
- "What can we do to train our faculty and staff in the proper use
and management of personal non-public information (PNPI) like SSNs,
credit card numbers, and other confidential information?"
- "Who has access to SSNs in our department, and do they still
need the access?"
In addition if you are asked to provide a SSN (either your own,
another employee's, a student's, a family member's SSN), challenge
University Guidelines for Protecting PNPI
The University has developed Guidelines for Protecting
Personal Non-Public Information (PNPI). In addition to containing
general information, the University guidelines offer the following advice:
- Ensure the Privacy of PNPI.
- Encrypt Electronic Transmissions.
- Do Not Store PNPI Locally.
- Ensure PNPI Security When Working from Home or Outside the University.
- Have Computer Equipment Audited.