As part of its effort to safeguard personal and confidential information at Georgetown, the University’s Data Security Task Force, in conjunction with faculty and staff, and headed by Senior Vice President Spiros Demolitsas, has developed an interim policy outlining rules and guidelines for how Social Security Numbers (SSNs) should be handled at Georgetown.
The new SSN policy, which addresses the proper use, collection, and retention of SSNs, applies to all students, faculty, staff, consultants, volunteers, and guests of the University. The policy affects the Main Campus, Medical Center, and the Law School.
SSNs have historically been used widely as identifiers. However, with data security and identity theft as major concerns, many other colleges and universities have enacted similar such policies, and have moved to eliminate or severely curtail the use of SSNs.
Some of the main points of the interim SSN policy are:
• The policy outlines standards and guidelines for handling, maintaining, retaining, displaying, and transmitting SSNs in oral, printed, or electronic form.
• The policy applies to all members of the University community, including:
o Students, Faculty, Staff
o Consultants and other temporary employees
o Volunteers
o Guests
o Third-party affiliates who use Georgetown resources, such as confidential and sensitive data
o Anyone entrusted with confidential data
• SSNs are not permitted to be used as a means of identifying and tracking individuals. Their use must be approved by the University Information Services Privacy Officer (UISPO), who will maintain a list of all approved uses of SSNs.
• This policy may involve the university community making significant changes to some of Georgetown’s business processes to ensure that SSNs are not used as the primary record-keeping entity.
• Anyone who works with SSNs is required to attend training on how to handle sensitive data.
• The Georgetown University ID (GUID) is the preferred method for identification. (The GUID is a 9-digit number located on the front of each person’s GOCard.)
• The policy lists and describes the roles and responsibilities of all members of the university in handling SSNs.
Since 1999, Georgetown has been working to reduce the use of SSNs as the primary means of identification by implementing the GOCard and NetID systems. The new policy continues these efforts.
If you have any questions or concerns about the policy, send e-mail to uispolicy@georgetown.edu.