A custodian is a person who possesses or is responsible for controlling access to a record or a collection of records that contain social security numbers (SSN) or personal identifying information (PII). To determine if you are a custodian, follow the “Am I a Custodian?” checklist.
If you are a Custodian of SSN or PII, you must:
- Try to REDUCE the number of copies of SSN or PII that you are keeping. Review the Policy on Retention of University Records. It is especially important to reduce the number of places that electronic copies are stored. Contact a Privacy Officer or Information Security Officer for assistance in this effort.
- PROTECT SSN and PII:
  - Electronic copies containing this information must be stored only in designated data centers of the University or in another secure location as authorized by a University Privacy Officer, or in encrypted or other secure form.
  - Paper copies containing this information must be either attended or stored in locked rooms or locked cabinets at all times.
- DISPOSE of SSN and PII in a secure manner, one that makes the information unreadable and unrecoverable.
In addition, a Custodian of SSN must:
- REPORT to a Privacy Officer the location and method by which SSN information is stored, the legal or University purpose that justifies its retention, and the protections that are in place to assure confidentiality and prevent misuse.
- ACKNOWLEDGE in WRITING to a Privacy Officer that he/she has read the Policy on Social Security Number and Personal Identifying Information and agrees to be responsible for compliance with this Policy with respect to SSN information in his/her custody.