Policy Approval Authority | President |
Responsible Division | Division of Information Technology |
Responsible Officer(s) | Associate Vice President and Chief Information Officer, Associate Vice President and University Privacy Officer |
Contact Person | Matt Parks |
Primary Audience |
Staff
|
Status | Active |
Last Review Date | 04-01-2022 |
Policy Category/Categories |
Ethics & Conduct
Faculty & Academics Finance / Risk Management Human Resources / Employment Information Technology Research Ethics / Intellectual Property Student Affairs |
In furtherance of the Information Security Policy for Northern Illinois University (University or NIU), and in accordance with the Illinois Identity Protection Act (5 ILCS 179/1, et seq.), NIU establishes this Identity-Protection Policy to protect social security numbers from unauthorized use or disclosure. This policy is applied in conjunction with the University’s existing policies and practices, as well as State and federal laws, on (1) protecting the confidentiality of social security numbers, and (2) reducing the opportunity for identity theft at Northern Illinois University. Any University policy, State law or federal law that adopts standards for the collection, use or disclosure of social security numbers that are stricter than the standards outlined in this policy or the Illinois Identity Protection Act with respect to the protection of those social security numbers shall control. This policy does not apply to the collection, use, or disclosure of a social security number as required by State or federal law, rule or regulation.
The use of social security numbers at Northern Illinois University must be in furtherance of the operations and business of the University and not for the personal use or benefit of individual employees at the University. Only NIU employees who are required to use or handle information for documents that contain social security numbers can have access to such information or documents. NIU will not use or disclose the social security number for any purpose other than the purpose for which it was collected, unless otherwise expressly allowed under this Policy or State and federal law, rule or regulation. NIU will not collect, use, or disclose a social security number from an individual, unless:
NIU may collect, use, or disclose social security numbers under the following circumstances or situations:
Social security numbers that are requested by NIU from an individual must be placed on records/documents or stored in a manner that makes the social security number easily redacted if required to be released as part of a public records request. If there is a request to inspect or copy records under the Illinois Freedom of Information Act or any other federal or state law, the University must redact social security numbers from the information or documents before allowing inspection or copying. Those University entities that utilize or participate in a national unique patient health identifier program, as established under federal law, will be considered in compliance with this Policy and the Illinois Identity Protection Act.
Unless otherwise expressly allowed under this Policy or State or federal law, rule or regulation, NIU WILL NOT:
Disposal and retention of all records should occur in accordance with University Retention Guidelines available at Records Retention and Administration. Prior to disposing of documents contained in these guidelines, departments must request permission to destroy from Ethics and Compliance and receive a certificate back from the State of Illinois. Questions regarding this process should be directed to the Records Officer, located in the Ethics and Compliance Office, at 815-753-5560 or RecordsManagement@niu.edu
Additional protocols apply to the disposal of information containing personal information. All materials containing personal information must be disposed of in a manner that ensures that personal information is not readable, usable, and decipherable. Proper disposal includes, but is not limited to the following:
Any department disposing of materials containing personal information may, utilizing the University Procurement process, contract with a third party for disposal. It is the department’s responsibility to ensure that the third party implements and monitors compliance with these policies and procedures and prohibits unauthorized access to or acquisition of or use of personal information during the collection, transportation, and disposal of materials containing personal information.
All employees of NIU identified as having access to social security numbers in the course of performing their duties will be trained to protect the confidentiality of social security numbers in accordance with the provisions of this policy. Such training will include instructions on proper handling of information that contains social security numbers from the time of collection through the destruction of the information.
Policy Library
815-753-5560
policy-library@niu.edu
Comments
There are no comments to show.