36.4 User Responsibilities

(Amended 7/16)

1. All departments are expected to eliminate storage of SSNs in local databases, desktops, and laptop computers. Departments or individuals that have a business requirement to maintain SSNs must comply with all applicable  University information security policies and associated security practices as described in University Security Standards. Any University employee storing SSN information on a computer that does not meet the requirements of this policy may be subject to disciplinary action consistent with II-19.5 Acceptable Use of Information Technology Resources: Administration and Enforcement.
2. All University computer systems, including local servers, desktops, laptops, or other storage devices, are subject to periodic assessment by the Information Security and Policy Office to ensure appropriate protections are in place.