Skip to main content
West Virginia University Information Technology Services
Get Help

Social Security Number Protection Policy

Policy Number: 1.11.3.2
Category: Information Privacy
Effective: January 12, 2023
Revision History: Originally effective April 2, 2015; updated January 29, 2018
Review Date: January 11, 2026

  1. PURPOSE AND SCOPE

    1. West Virginia University, West Virginia University Institute of Technology, and Potomac State College of West Virginia University (“University”) recognizes that it collects and maintains confidential information relating to its students, employees, and individuals associated with it. The University is committed to maintaining the privacy and confidentiality of an individual’s Social Security number (“SSN”).
    2. The purpose of this Policy is to establish the responsibilities of all University organizational units regarding the use and protection of SSNs.
    3. This Policy applies to all University staff, faculty, and students as well as any Authorized Individuals that have access to, collect, or use an individual’s SSN.

  2. Use of Social Security Numbers at the University

    1. The WVUID will act as the primary identifier used by the University in all information systems and as the primary identifier in electronic communications. The University will discontinue the use of SSN as the primary identifier in all instances except where required by federal or state law. Faculty, staff, students, organizational units, and third parties working for and with the University will not solicit SSNs except when required by federal or state law.
    2. All University units are expected to follow published procedures in maintaining the security and privacy of SSN data. Units and individuals are also expected to follow policy and procedures maintained by Information Technology Services, and WVU designated data custodians related to the collection, dissemination and security of SSN data.
    3. Units or individuals responsible for breaching the privacy of another person by improperly obtaining, using, or disclosing a SSN are subject to appropriate disciplinary action.
    4. If SSNs are inappropriately disclosed, Information Security Services and the Office of General Counsel must be notified within 24 hours of the discovery of the release by submitting an Incident Report Form.

  3. Expectations of University Units

    1. The following applies to all University organizational units:
      1. Employees and students shall comply with the provisions of this Policy and other related institutional policies and procedures.
      2. Employees may not request an individual’s SSN unless the request is part of their job duties and required by federal or state law.
      3. Employees and students shall not disclose the SSN of another person except when required by federal or state law.
      4. Employees and students may not seek out or use the SSN of another person for their personal advantage.
      5. Employees responsible for the maintenance of records containing SSNs shall observe all University policies and procedures in order to protect the confidentiality of such records.
      6. Employees and units shall report promptly to Information Security Services and their supervisors any inappropriate disclosure of a SSN by completing an Incident Report Form.
      7. Employees and units shall identify and report to Information Security Services any current process using SSNs that are not used as required by federal or state law.
      8. Employees and units shall report to Information Security Services improper storage of SSNs (e.g., SSNs stored on a computer’s desktop or on removable media).

  4. DEFINITIONS

    1. “Authorized Individuals” means University faculty, staff, students, or third-parties who have assigned WVU Login credentials that provide access to University technology resources and data.
    2. “Data Custodians” means University executive officers or their designees who have planning and policy-level responsibilities for data in their functional areas and have management responsibilities for recognized University Information Systems.
    3. “Electronic Communications” means communications that have been designated as not being secure (e.g., email, public websites, and all forms of social media).
    4. “Personally Identifiable Information (PII)” means any information that that can be used to identify an individual either alone or when combined with other personal information. PII the University considers Sensitive is identified within the Sensitive Data Policy and includes, Social Security numbers, driver’s license numbers, passport or visa numbers, biometric images, and WVU Login credentials.
    5. “University Operations” means operations designated as essential to the administrative needs of employees and operations designed as essential to the academic needs of students.
    6. “WVUID” means the University’s primary identifier for all University Information Systems and electronic communications.

  5. Enforcement and Interpretation

    1. Any employee who violates this Policy will be subject to appropriate disciplinary action.
    2. Any student who violates this Policy will be subject to appropriate disciplinary action in accordance with the Student Code of Conduct.
    3. Any individual affiliated with the University who violates this Policy will be subject to appropriate corrective action, including, but not limited to, termination of the individual’s relationship with the University.
    4. The University’s Chief Information Officer, supported by the Chief Information Security Officer, will coordinate with appropriate University entities on the implementation and enforcement of this Policy.
    5. Responsibility for interpretation of this Policy rests with the Chief Information Officer.

  6. Authority and References

    1. BOG Governance Rule 1.11 Information Technology Resources and Governance
    2. All other University policies are also applicable to the electronic environment. Relevant institutional policies include, but are not limited to:
      1. Information Privacy Policy
      2. Sensitive Data Policy
      3. Sensitive Data Protection Standard
      4. Record Retention Policy & Schedule
      5. Faculty Handbook
      6. Code of Student Rights and Responsibilities (Code of Conduct)
      7. WVU Talent and Culture Policies

Connect With Us

Service Desk Hours and Contact

Service Desk Hours

Monday – Friday: 7:30 a.m. – 8 p.m.
Saturday and Sunday: Noon – 8 p.m.

Closed on official University holidays.

Contact Us

Information Technology Services
One Waterfront Place
Morgantown, WV 26506

(304) 293-4444 | 1 (877) 327-9260
ITSHelp@mail.wvu.edu

Get Help

Maintenance Schedule

To function effectively and securely, applications and the systems that support them must undergo regularly planned maintenance and updates.

See Schedule