4:015-AP1 Protecting the Privacy of Social Security Numbers
|Superintendent and business manager, and their designees||Identify the approved purposes for collecting SSNs, including:
a.Disclosing SSNs to another governmental entity if the disclosure is necessary for the entity to perform its duties and responsibilities;
b. Disclosing a SSN pursuant to a court order, warrant, or subpoena; and
c. Collecting or using SSNs to investigate or prevent fraud, to conduct background checks, to collect a debt, or to obtain a credit report from a consumer reporting agency under the federal Fair Credit Reporting Act.
Identify a method for documenting the need and purpose for the SSN before its collection. 5 ILCS 179/10(b).
Inform all employees of the District’s efforts to protect the privacy of SSNs. See Exhibit 4:015-E1, Letter to Employees Regarding Protecting the Privacy of Social Security Numbers.
While State law does not specifically require this step, the law contains mandates applicable to all employees that they need to know. Moreover, this letter provides an opportunity to increase awareness of the confidential nature of SSNs.
Maintain a written list of each staff position that allows or requires access to SSNs.
The existence of a written list, even though not required, is important for recordkeeping and accountability purposes.
Require that employees who have access to SSNs in the course of performing their duties be trained to protect the confidentiality of SSNs. 5 ILCS 179/35(a)(2).
Direct that only employees who are required to use or handle information or documents that contain SSNs have access to such information or documents. 5 ILCS 179/35(a)(3).
Require that SSNs requested from an individual be provided in a manner that makes the SSN easily redacted if the record is otherwise required to be released as part of a public records request. 5 ILCS 179/35(a)(4).
Require that, when collecting a SSN or upon request a statement of the purpose(s) for which the District is collecting and using the SSN be provided. 5 ILCS 179/35(a)(5). See Exhibit 4:015-E2, Letter to Employees Regarding Protecting the Privacy of Social Security Numbers.
Enforce the requirements in Board policy 4:015, Identity Protection, and this procedure.
|Records Custodian and Head of Information Technology (IT)||
Develop guidelines for handling social security numbers in electronic systems. These guidelines should address:
|Staff Development Head||Design and execute a training program on protecting the confidentiality of SSNs for employees who have access to SSNs in the course of performing their duties.The training should include instructions on the proper handling of information that contains SSNs from the time of collection through the destruction of the information. 5 ILCS 179/35(a)(2).|
|Assistant Superintendents, Directors, Building Principals and/or Department Heads||
Require each staff member whose position allows or requires access to SSNs to attend training on protecting the confidentiality of SSNs.Instruct staff members whose position allows or requires access to SSNs to:
Instruct staff members whose position does not require access to SSNs to notify a supervisor and/or the IT Department whenever a SSN is found in a document or other material, whether in paper or electronic form.
|Freedom of Information Officer||Redact every SSN before allowing public inspection or copying of records responsive to a FOIA request. 5 ILCS 179/15.|
|Employees||Do not collect, use, or disclose another individual’s SSN unless directed to do so by an administrator.If the employee is in a position that requires access to SSNs: Treat SSNs as confidential information and follow the instructions learned during training.If the employee is not in a position that requires access to SSNs:Notify his or her supervisor and/or the IT Department whenever the employee comes across a document or other material, whether in paper or electronic form, that contains a SSN.|
Date Adopted: April 1, 2011