Kebijakan Nomor iden Pribadi

DejL...62PT
27 Dec 2023
35

Kebijakan Nomor Identifikasi Pribadi

ALASAN KEBIJAKAN

New York University mengumpulkan, memelihara, dan menggunakan informasi rahasia yang dapat diidentifikasi secara pribadi berkaitan dengan mahasiswa, dosen, dan anggota tenaga kerja lainnya, serta individu lain yang terkait dengan Universitas. Kemampuan untuk mengidentifikasi individu dan menghubungkan informasi dengan individu sangat penting baik bagi Universitas maupun orang tersebut. Universitas mempunyai kewajiban untuk memastikan privasi dan penanganan yang tepat atas nomor identifikasi pribadi dan melindunginya dari akses dan penggunaan yang tidak tepat.

SIAPA YANG TERKENA DAMPAK KEBIJAKAN INI 

Kebijakan ini berlaku untuk semua anggota komunitas Universitas dan mencakup penggunaan, tampilan, penyimpanan, penyimpanan, dan pembuangan nomor identifikasi pribadi dalam bentuk cetak atau elektronik. Nomor identifikasi pribadi adalah Nomor Jaminan Sosial (SSN), nomor identifikasi Universitas New York (UID), dan NetID. Anggota komunitas Universitas mencakup karyawan penuh dan paruh waktu (seperti staf dan administrator), dosen, dan mahasiswa, serta individu lain (seperti kontraktor, konsultan, alumni, dan afiliasi) yang terkait dengan Universitas.

PERNYATAAN KEBIJAKAN

Members of the University community shall employ reasonable and appropriate administrative, technical, and physical safeguards to protect the integrity, confidentiality, and security of the personal identification numbers (SSNs, UIDs, and NetIDs) they handle, store, and/or transmit or to which they otherwise have been given or have gained access.
In adopting this policy, the University is guided by the following objectives:

  1. To ensure that the necessary awareness and procedures exist so that all members of the University community comply with both the letter and the spirit of the federal and state privacy legislation;
  2. To inculcate broad awareness of the confidential nature of the SSN;
  3. To reduce reliance for identification purposes on the SSN in favor of the UID;
  4. To establish a consistent policy towards and treatment of SSNs throughout the University;
  5. To ensure that access to SSNs for the purpose of conducting University business is granted only to the extent necessary;
  6. To enhance and preserve individual privacy for members of the University community through the confidential handling of personal identification numbers;
  7. To use, throughout the University, a unique UID that serves as the primary identification element for persons associated with NYU and be applicable across the entire NYU enterprise; and
  8. To ensure that each member of the University community takes full responsibility for any activity done under that individual’s NetID.

The following campus officials are responsible for SSN and UID oversight in their respective areas of University operations. That responsibility extends to promoting awareness of this Policy and establishing procedures for protecting these data. Activities of these officials are aligned and integrated through a coordinating task force.

  1. Alumni: Senior Vice President for Development and Alumni Relations
  2. Students: University Registrar
  3. Prospective students and applicants: Vice President for Enrollment Management
  4. Faculty, Visiting Scholars, and researchers: Vice Provost for Faculty, Arts, Humanities and Diversity
  5. Employees and prospective employees: Vice President, Human Resources
  6. All other affiliated individuals: Vice President for Global Campus Safety

The Office of the Vice President, Information Technology & Global University Chief Information Officer is responsible for overseeing use of the NetID in University operations.

POLICY REQUIREMENTS

A. Social Security Numbers

1. Provision of Information

a) NYU collects SSNs:
    i. When it is required to do so by law;
    ii. When no other identifier serves the business purpose; and
    iii. When an individual volunteers the SSN as a means of locating or confirming personal records.
b) In other circumstances, individuals are not required to provide their SSN, verbally or in writing, at any point of service, nor are they to be denied access to those services should they refuse to provide an SSN.
c) SSN collection must be approved by the appropriate campus official (see Policy Statement above). When an SSN is requested, NYU informs the individual whether the disclosure is mandatory or voluntary, by what authority, and what uses will be made of the SSN.

2. Release of SSNs

SSNs will be released by NYU to persons or entities outside the University only:
a) As required by law; or
b) When permission is granted by the individual; or
c) When the external entity is acting as the University’s authorized contractor or agent and attests that no other methods of identification are available and that reasonable security measures are in place to prevent unauthorized dissemination of SSNs to third parties; or
d) When the NYU Office of General Counsel has approved the release.

3. Use, Display, Storage, Retention, and Disposal

a) SSNs will not be used by NYU to identify individuals except as required by law or for a University business purpose.
b) The release or posting of personal information, such as grades, keyed by the SSN or any portion thereof, is prohibited.
c) SSNs will be transmitted electronically only for business purposes approved by the officials responsible for SSN oversight and only through secure mechanisms approved by the Office of the Vice President, Information Technology and Chief Information Officer.
d) The campus officials responsible for SSN oversight will establish business rules for the use, display, storage, retention, and disposal of any document, item, file, or database which contains SSNs in print or electronic form.

B. New York University Identification Numbers

1. Assignment Eligibility and Issuance

a) The UID is a unique alphanumeric assigned by the University to any member of the University community who requires an identifying number in any University system of records.
b) A UID is assigned at the earliest possible point of contact between the individual and the University.
c) The UID is associated permanently and uniquely with the individual to whom it is assigned.

2. Use, Display, Storage, Retention, and Disposal

a) The UID is considered personally identifiable information by the University, to be used for appropriate business purposes in support of University operations.
b) The UID is used to identify, track, and service individuals across all University electronic and paper data systems, applications, and business processes throughout the span of an individual’s association with the University and presence in the University’s records.
c) The UID is not to be disclosed or displayed publicly by the University, nor to be posted on University electronic information or data systems unless the UID is protected by access controls that limit access to properly authorized individuals.
d) The UID is imprinted and encoded on the official University photo identification card known as the NYUCard. The NYUCard is the principal means of physical identification at the University, and the use of the NYUCard by the cardholder, whether by physical display or when swiped at an electronic reader, will constitute a voluntary disclosure of the UID.
e) The release or posting of personal information keyed by the UID, such as grades, is prohibited.
f) Any document, item, file, or database that contains UIDs in print or electronic form is to be disposed of in a secure manner.

C. NetIDs

1. Assignment Eligibility and Issuance

a) The NetID is a unique alphanumeric assigned by the University to an individual.
b) The NetID is assigned to all persons who may require access to electronic services at the University, including students, faculty, staff, administrators, and other individuals (such as contractors, consultants, alumni, and affiliates) associated with the University.
c) The NetID is permanently and uniquely associated with the individual to whom it is assigned.

2. Use, Display, Storage, Retention, and Disposal

a) The NetID is considered personally identifiable information by the University.
b) The NetID is used, in conjunction with an individually set password, as an authenticated identifier for on-line transactions and may be used, in addition to the UID, to identify and track individuals within the University systems, applications, and business processes.
c) Use of the email address (NetID@nyu) constitutes a voluntary disclosure of the NetID.
d) The NetID is imprinted on the official University photo identification card known as the NYUCard. Physical display of the NetID as printed on the NYUCard by the cardholder constitutes a voluntary disclosure of the NetID.
e) The release or posting of personal information keyed by the NetID, such as grades, is prohibited.
f) Any document, item, file, or database that contains NetIDs in print or electronic form is to be disposed of in a secure manner.

D. Responsibility for Maintenance and Access Control

  1. The University-wide UID and the NetID Registries are maintained and administered by NYU Information Technology (NYU IT). Other University offices may maintain and administer electronic and physical repositories containing personal identification numbers for uses in accordance with this policy.
  2. Access to electronic and physical repositories containing SSNs, UIDs, and NetIDs will be controlled based upon reasonable and appropriate administrative, physical, technical, and organizational safeguards. Such repositories will be backed up and stored in a secure manner.
  3. Individuals who inadvertently gain access to a file or database that contains SSNs or UIDs for which they have not been authorized shall report it immediately to NYU IT Office of Information Security (security@nyu.edu).

E. Enforcement

Violations of this policy resulting in misuse of, unauthorized access to, or unauthorized disclosure or distribution of personal identification numbers may subject individuals to disciplinary action, up to and including the termination of employment or contract with the University, or, in the case of students, suspension or expulsion from the University.

Notes

TOP

  1. Dates of official enactment and amendments: Feb 6, 2006
  2. History: Last Review: September 10, 2021. Last Revision: June 12, 2019.
  3. Cross References: N/A

About This Policy

Effective Date
Feb 6, 2006
Supersedes
N/A
Issuing Authority
Executive Vice President
Responsible Officer
Vice President for Information Technology and Global University Chief Information Officer
Definitions
Related Policies

CONNECT WITH NYU
MAIN CAMPUSES

New York University

Unless otherwise noted, all content copyright New York University. All rights reserved.

Write & Read to Earn with BULB

Learn More
Enjoy this blog? Subscribe to ibongatun

1 Comment

B
No comments yet.
Most relevant comments are displayed, so some may have been filtered out.