The 内布拉斯加大学 at Kearney is the custodian of confidential data for students and 员工 and we acknowledge our responsibility to secure confidential data for the protection of our constituents. We assign to students and 员工 the NU-ID, 用来代替社会安全号码作为唯一标识符的数字.
The 内布拉斯加大学 at Kearney will not use Social Security Numbers to identify students, 员工, or other persons with a bet36365体育 relationship, except for those uses required by law, 比如工资, 好处, 财政援助. 社会安全号码可以用来获取非bet36365体育, 比如就业, 信贷, 金融, 健康, 机动车, 和教育信息,将是有害的或侵犯隐私,如果披露. Our goal is to prevent unauthorized use of or access to confidential data and Social Security Numbers.
Neither the Social Security Number nor any portion of the Social Security Number will be collected, 存储, or transmitted by university 服务 or using university-owned equipment unless its use is authorized in writing by officials designated by the Chancellor. Departments or individuals who are authorized to collect, 商店, or transmit Social Security Numbers will follow guidelines to secure such data as established by the Assistant Vice Chancellor for Information 技术.
Failure to comply with this policy after January 1, 2008, may result in disciplinary action by the University.
Your cooperation is greatly appreciated. 谢谢你!.
道格拉斯一. Kristensen,总理
Chancellor Kristensen instructed all departments to be in compliance with the bet36365体育 Social Security Number Policy as of January 1, 2008.
文档、流程和表单不能包含社会安全号码. If the social security number is required, request an 资讯科技服务的政策豁免.
Do not send social security 数字 via email.
Paper documents with social security 数字 should be 存储 in locked cabinets in a locked room.
Paper documents that have been retained beyond the date specified in the NU records retention schedule should be destroyed by cross-cut shredding. If the volume of documents to be destroyed is large, 该部门应制定销毁文件的计划和时间表. 有些供应商收费提供文件销毁/处理服务. 有关更多信息,请联系商务和金融副校长. 在文件被销毁之前,应按上述方式加以保护.
识别可移动媒体,如闪存或跳跃驱动器,软盘,cd, zip磁盘等. that 商店 social security 数字. 将此类媒体保存在上锁的房间的上锁的橱柜中,类似于纸质文件. If the removable media is no longer needed, physically shred or destroy the media to dispose of it.
申请豁免 如果您必须保留文件,请从社会安全号码政策中获取, either paper or electronic, with social security 数字.
直接访问SAP/HR和SIS申请数据不需要豁免请求. 然而, if you have social security 数字 from these systems 存储 on your workstation or removable media, an exemption must be requested.
Exemptions that are granted will be 综述了 annually.
SSNs and other personal identity information are confidential data and the theft and/or unintentional compromise of such data has become a major issue in higher education. 财政大臣已责成bet36365体育在2008年1月1日之前消除所有非必要的SSN使用. Exceptions must have the Chancellor's approval.
产品说明:
除部门主管签名框外,请在网上填写表格.
Print the completed form.
Department Head signs the form and forwards to:
Deb施罗德
Assistant Vice Chancellor for Information 技术 服务
114奥托·奥尔森
内布拉斯加大学 Kearney
卡尼,ne68849
Information 技术 服务 will review the form and forward it to the Chancellor for approval.
目的与受众:
The 内布拉斯加大学 Kearney recognizes the increased concern about individual privacy and the risk of identity theft. The Social Security Number (SSN) is classified as private data. 社会安全号的保护和机密性在Regents政策中有规定, 联邦法律, 还有州法律. 历史上,SSN被用来帮助识别和匹配记录. 然而, current directives discourage this practice and make use of the SSN subject to approval. This procedure is intended to specifically address issues related to the use of the SSN in university systems, 包括自助服务应用程序和部门管理系统. 我们的目标是:
除法律要求外,取消社会安全号的收集.
消除在数据系统(包括显示页面和报告)中使用SSN.
要求在使用或存储SSN时使用豁免请求.
Increase awareness about the concern for privacy and the risk of identity theft related to the disclosure of the SSN.
大学需要为各种法律规定的活动收集社会安全号(SSN).g., income tax reporting, federally supported 金融 aid). 所有这些情况, including existing systems, 必须记录在案, 综述了, 并由资讯科技学院助理副校长或指定人员批准.
One Request Per Application
你所拥有的每一份申请都必须提出豁免申请, 运行, and/or utilize if that application uses SSNs. The application may be specific to the function of your office. 它可能是一个带有关联数据库和/或数据文件的“影子系统”. It may be a test version of an application. Or it may be a Word document or Excel Spreadsheet. (State law prohibits the use of employee SSNs to identify 员工 except for those uses required for tax and benefit purposes.)
New 应用程序 Require New Requests
豁免申请必须为任何新的应用程序,将利用SSN. 豁免申请应在购买申请前提交. 在测试版本的申请将要求其自己的豁免请求.
自动豁免
Employees with accounts for accessing SAP/HR and SIS do no need to request exemptions for SAP/HR or SIS access. 如果您从SAP/HR和/或SIS提取ssn并将这些ssn存储在电子设备上, 比如你的桌面, 网络存储, 闪存驱动器, 或其他移动设备, you must submit an exemption request.
年度更新
豁免期为一年,并将每年进行审查. Exemptions must be submitted annually.
Protecting the nonpublic personal information of our 员工 and students is an important responsibility. 下面列出的做法可以帮助我们确保信息得到保护.
电子邮件 is a primary method for attacking your computer. 攻击者很容易发送会感染您的计算机的消息, even if you do not read or preview it. This is why antivirus software is essential.
Use encrypted email or do not send confidential information.
Do not open attachments you are not expecting.
Do not click on links to web pages that arrive in email.
向ITS服务台报告您收到的任何可疑电子邮件信息.
Never respond to spam—even to “unsubscribe.”
Sensitive communication via email poses real risks. 最常见的泄露是由于电子邮件意外发送给了错误的人. 因此,在处理含有敏感信息的电子邮件时要特别小心. For highly sensitive data, choose methods other than email.
Use special care when faxing sensitive information. Be sure that the fax number is correct and that someone on the other end will promptly retrieve the faxed document.
Use special care when handling paper documents. 当你离开时,不要把有社会安全号码的文件放在你的桌子上. Do not share social security 数字 over the telephone when your conversation can be overheard by others.
Choose a strong password—one that is difficult to guess. 如果您认为您的密码已被泄露或共享,请立即更改密码.
不要共享密码,不要让任何人在你登录的电脑上工作.
Recognize when your computer may be compromised. It is often difficult to recognize when your computer system has suffered a security compromise. If you notice your computer behaving slowly, 自动重启, or exhibiting any unusual behavior, notify an IT support person.
Avoid risky web and email activities:
对要求你提供个人信息的电子邮件和网站要持怀疑态度, such as social security number, to download software or files.
Confirm that an embedded web link in the body of an email goes where it is expected to go before you click on it.
“Free stuff on the Internet is like candy from a stranger.” Be aware that seemingly harmless games, 公用事业公司, and other “fun stuff” can work behind the scenes and install spyware or other malicious software (malware) on your computer. 它们可以藏匿病毒,甚至打开一个“后门”,让你进入你的电脑.
Identity theft is the intentional use or theft of a person’s private information to obtain goods or 服务. Any purchase at a web site or any online transaction, 比如网上银行, increases your risk of identity theft. 采取预防措施,确保您的私人信息的机密性.
Only download from well-known software vendors.
Any security incidents involving systems that 商店 and/or have access to social security number must be reported promptly to the Information 技术 服务 Helpdesk. Security incidents include, but are not limited to, 病毒感染, 间谍软件感染, rootkit, compromises such as hacks and inappropriate use, and lost media or lost computing devices.
This checklist is provided as a tool to help you in making sure your department is complying with the University's Social Security Number Usage Policy.
Review your security processes and procedures annually.
应用程序, 服务, 或者是收集, 商店, or transmit social security 数字 can not be commissioned without written approval from the Assistant Vice Chancellor for Information 技术.
Annually update the departmental inventory of documents, both paper and electronic, containing social security number.
Maintain an access control list to identify each person with authorized access to social security 数字.
Strong passwords are recommended. They are difficult for a human or a computer program to guess and have letters in both upper and lower case, 数字, 和特殊字符, 并且不要包含字典中找到的单词或用户自己名字的一部分.
Accounts should not be shared among users.
Generic accounts should not be utilized.
应该使用定时锁定机制,例如需要重新身份验证的屏幕保护程序.
Passwords must be changed any time a system is compromised.
存储社会安全号码的服务器必须得到适当的保护和管理.
存储社保号码的服务器必须位于ITS服务器机房. 信息技术助理副校长可批准例外情况.
Servers may be periodically scanned to verify that social security 数字 are not being 存储 in an unsecured manner.
存储社会安全号码的服务器会定期接受漏洞扫描.
Servers should support a single application.
禁止将服务器用于其预期用途以外的任务.
All servers that 商店 social security 数字 must have antivirus software enabled and updated.
存储社会安全号码的工作站必须得到适当的保护和管理.
Workstations and portable devices storing social security 数字 must use full disk encryption. 这适用于所有设备,无论它们是由bet36365体育还是由用户拥有. 数据加密标准将由资讯科技署指定.
Workstations may be periodically scanned to verify that social security 数字 are not being 存储 in an unsecured manner.
存储社会安全号码的设备会定期接受漏洞扫描.
All workstations that 商店 social security 数字 must have antivirus software enabled and updated.
If social security 数字 are accessible over a network, connections that will encrypt the data during transfer, 例如VPN, 安全FTP, Secure emulation software, 或SSL. Note that a remote desktop is not a VPN.