The collection, storage, use, and disclosure of social security numbers by the System shall be consistent with State and federal laws. The goals for managing the System's collection, storage, use, and disclosure of social security numbers are to:
- Limit all activities involving social security numbers to those circumstances that are authorized by State or federal law.
- Protect each social security number collected or maintained by the System from unauthorized disclosure.
The Director is responsible for ensuring that the System complies with the Identity Protection Act, 5 ILCS 179/. Compliance measures shall include each of the following:
- All employees having access to social security numbers in the course of performing their duties shall be trained to protect the confidentiality of social security numbers. Training should include instructions on the proper handling of information containing social security numbers from the time of collection through the destruction of the information.
- Only employees who are required to use or handle information or documents that contain social security numbers shall have access to such information or documents.
- Social security numbers requested from an individual shall be provided in a manner that makes the social security number easily redacted if the record is required to be released as part of a public records request.
- When collecting a social security number or upon request by an individual, a statement of the purpose(s) for which the System is collecting and using the social security number shall be provided.
- All employees must be advised of this policy's existence and a copy of the policy must be made available to each employee. The policy must also be made available to any member of the public, upon request.
No System employee shall collect, store, use, or disclose an individual's social security number unless specifically authorized by the Director. An employee who has substantially breached the confidentiality of social security numbers may be subject to disciplinary action or santions up to and including dismissal in accordance with District policy and procedures.
LEGAL REF.: 5 ILCS 179/, Identity Protection Act.
CROSS REF: 2:250 (Access to System Public Records), 5:150 (Personnel Records), 7:340 (Student Records)
ADOPTED: May 19, 2011