In 2003 JHU issued to its faculty and staff specific guidance for the protection and use of the student SSN. This policy statement clarifies and extends that prior guidance. University-wide implementation of this policy, which applies to the entire JHU community, is guided by the following objectives and needs:

1. Broaden awareness about the confidential, protected nature of the student SSN.

2. Reduce reliance on the student SSN for identification purposes.

3. Establish consistent University-wide and divisional student SSN protection and use policies and practices.

4. Increase student confidence surrounding handling of their SSN.

Johns Hopkins University (JHU) is committed to ensuring privacy and proper handling of confidential information it collects and maintains on faculty, staff and students, including the Social Security Number (SSN) which is required for state and federal government reporting purposes. It is the policy of JHU to protect the privacy of the student SSN and to place appropriate limitations on its use throughout admission, financial aid, billing and registration processes — both within and outside of JHU information systems. The collection, use and dissemination of student SSNs or any part thereof for other purposes is strongly discouraged.

This policy outlines acceptable use of the student SSN, limits use to business purposes only and establishes procedures to assure that University employees and students are aware of and comply with the Family Educational Rights and Privacy Act of 1974, the Maryland Social Security Number Privacy Act and other applicable laws and regulations.

1. JHU considers the student SSN or any part thereof to be "personally identifiable information" under the Family Educational Rights and Privacy Act of 1974 (FERPA).

2. No part of a student SSN may be publically displayed or released (e.g., via e-mail to multiple students, student rosters, bulletin boards, etc).

3. The student SSN may be collected as part of the application process and required for registration at JHU. The student SSN is also generally required for certain government reporting and as part of applying for financial aid, billing and employment.

4. The risk of unauthorized disclosure of the student SSN increases with each additional electronic or paper copy of the SSN. Divisional leadership is responsible for ensuring that the number and scope of physical and electronic repositories of SSN are kept to the minimum necessary.

The following requirements apply to paper and electronic records.

1. Authorization. Only individuals with a "need to know" are authorized to access the student SSN. These individuals are to receive appropriate on-line privacy training and sign a confidentiality statement prior to receiving the student SSN.

2. Document Handling and Storage. Documents containing the student SSN are not to be distributed to or viewed by unauthorized individuals. Such documents are to be stored in secured cabinets and locations. In high traffic areas, such documents are not be left on desks or other visible areas.

3. Disposal. The student SSN stored in either documentary or electronic formats are to be destroyed (e.g., shredding papers, wiping electronic files, etc) prior to disposal.

4. Current and Future Records. JHU will insert in all student records in the new information systems (ISIS and HopkinsOne) new primary identifiers. Until those numbers are available it is acceptable to use the last four digits of the student SSN as a secondary identifier.

5. Historical Records. The student SSN is included in archived databases and in imaged documents. Such historical records cannot be altered. All records and files containing student SSN data are to be considered sensitive information and must be handled and stored accordingly.

6. Acceptable Release to Third Parties. JHU may release a student SSN to third parties as allowed by law, when authorization is granted by the individual student, when the Office of the General Counsel has approved the release (e.g. subpoenas) or when the authorized third party is acting as JHU's agent and when appropriate security is guaranteed by the agreement (e.g., National Student Loan Clearinghouse, financial institutions providing student loans or other financial services to students, and student- designated entities receiving a student academic transcript).

REQUIREMENTS FOR ELECTRONIC DATA

"SSN Data" include any aggregation or collection of JHU student SSN stored, processed or transmitted in an electronic format. Examples of these include: enterprise databases, small databases such as MS Access, Web pages, e- mail, spreadsheets, and tables or lists in word processing documents.

1. Student SSN Transmission by E-Mail, FTP, Instant Messaging, Etc. SSN Data may not be transmitted (e.g., e-mail, FTP, instant messaging) to parties outside JHU without appropriate security controls. Generally, such controls include encryption and authentication of recipients (e.g., password protection of files). Great care is to be taken to ensure that e-mails are sent only to intended recipients.

2. Student SSN Transmission by Telefax. A student SSN may not be faxed except as required by law or as part of an essential administrative process (e.g., financial aid, tax reporting, transcripts). In such cases, reasonable and appropriate security controls must be established and maintained to protect confidentiality (e.g., verifying fax numbers; cover sheets; marking documents as confidential; including sender phone number).

3. Storage of Student SSN Data. JHU student administration databases and datasets may not store or otherwise maintain a student SSN, except as required for government reporting or other specific business purposes. Divisional leadership is responsible for:

a. maintaining an up-to-date inventory of SSN databases and datasets,

b. minimizing the use of SSN (including use of substitutes such as partial SSN and the Hopkins Unique Identifier),

c. documenting security controls and risk remediation.

a. maintaining an up-to-date inventory of SSN databases and datasets,

b. minimizing the use of SSN (including use of substitutes such as partial SSN and the Hopkins Unique Identifier),

c. documenting security controls and risk remediation.

a. maintaining an up-to-date inventory of SSN databases and datasets,

b. minimizing the use of SSN (including use of substitutes such as partial SSN and the Hopkins Unique Identifier),

c. documenting security controls and risk remediation.

University Policy on Family Educational Rights and Privacy
Johns Hopkins Information Technology Policies
Social Security Number Privacy Act, Sec. 14-3401 of the Maryland Commercial Law Code