Data Warehouse Procedures
Regarding Social Security Numbers
Historically, the University of Pennsylvania, like most colleges and universities, relied upon Social Security Numbers (SSNs) as unique identifiers for students, faculty and staff. SSNs were used to generate reports on individuals’ grades, payroll information, and employee benefits to name only a few examples.
In recent years, Penn and many other institutions have recognized that use of SSNs for identification purposes creates substantial risks. SSNs are sensitive data that can be abused by identity thieves to commit fraud. This abuse can cause privacy harm to Penn constituents and create compliance and reputational risks to Penn itself.
For these reasons, Penn has made substantial changes to systems, operations, reports and other areas to substantially reduce the availability of SSNs. These efforts include changes to the Data Warehouse as described further below.
II. Withholding/Withdrawal of Access to SSNs for Data Warehouse End Users
End user access to SSNs, and to data requested using SSN-based queries, in the Data Warehouse will be withheld/withdrawn in accordance with the following timeline:
- August 1, 2007. New Data Warehouse end users will not be granted access to SSNs, and/or to data requested using SSN-based queries, unless permission is granted under procedures described in the next point for existing Data Warehouse users.
- September 1, 2007. Existing Data Warehouse users must submit a Request for Continuation of Access to SSNs (“SSN Access Request Form”) to allow continued access to such data based on a compelling need. Such need may arise, for example:
- where an end user is responsible for generating reports required by law to include Social Security numbers
- where SSNs are required to interface with a limited number of external entities whose privacy and security practices have been reviewed
- in rare cases, where the SSN is necessary for internal Penn interfaces
- October 15, 2007. Access to SSNs, and/or data requested using SSN-based queries, in the Data Warehouse will be withdrawn from all existing end users who (a) have not submitted an SSN Access Request or (b) have submitted an SSN Access Request that has been denied.
To minimize any potential business disruptions, Data Warehouse operations have been modified to permit queries (table joins) based on PennID.
Note also that a conversion utility to facilitate switching from SSNs to PennIDs is available free of charge. Penn’s Office of Information Systems and Computing must be consulted to employ the conversion utility; for further information call (215) 573-4492.
[ IT Privacy Initiative ]