Student ID Number and Social Security Numbers
See also: Administrative Policies and Procedures Manual - Policy 2030: Social Security Numbers
Date Originally Issued: 06-01-2008
Authorized by RPM 3.1 ("Responsibilities of the President")
Process Owner: Chief Information Officer
Student ID Numbers and Social Security Numbers From the Registrar's Office:
Prior to the Fall Semester 2006, the University of New Mexico used the individual student's social security number as the student's identification number at the University. This number is used for record-keeping purposes only. The authority to use the social security number came from the Board of Regents and was adopted on March 24, 1967
The University of New Mexico is discontinuing the use of Social Security Numbers to identify student accounts. When doing business with UNM, you may be asked for your UNM ID Number, your Student ID Number, or your Banner ID number. These numbers are the same.
Your UNM ID appears in the top right corner of the screen when you are logged into LoboWeb. You can also find your UNM ID by visiting Demographic Self-Service and logging in with your NetID and password. Click on the Demographic Information link. Your UNM ID will be shown on that page.
Social Security Numbers
University Business Policies and Procedures Manual 2030
Effective Date: 06/01/08
Authorized by Regents Policy 3.1 "Responsibilities of the President"
1. General
The University of New Mexico (UNM) collects and maintains confidential information, including social security numbers (SSNs) of its students, staff, faculty and individuals associated with the University. "Information Security," Policy 2550, UBP(proposed draft policy), describes the basic components of the UNM Information Security Program which all applies to employees (student, staff, and faculty), contractors, vendors, volunteers, and all other individuals who work with UNM data and information. This policy defines additional requirements applicable to SSNs. UNM recognizes the importance of the proper handling of SSN’s in order to protect personal privacy and minimize the growing risks of fraud and identity theft. The Federal Privacy Act of 1974 (5 U.S.C. Sec. 552a) is the federal law that regulates the collection of SSNs. This law makes it illegal for federal, state or local government agencies to deny any rights, benefits or privileges to individuals who refuse to disclose their SSNs unless the disclosure is required by federal statute or the disclosure is to an agency for use in a record system which required the SSN before 1975. This Act applies to UNM. The Federal Privacy Act also requires that any agency that requests SSNs must inform individuals asked:
- whether the disclosure is mandatory or voluntary;
- what the authority is for requesting the SSN;
- what uses will be made of the information; and
- the consequences, if any, of failure to provide the information.
2. Collection of Social Security Numbers
Where IRS or other federal regulations require UNM to report SSN, we require individuals to provide us with that information.
2.1. Notification Statement
In all instances when UNM requests an individual to supply his/her SSN, it must indicate in writing:
- whether the disclosure is mandatory or voluntary;
- by what authority the number is requested;
- the uses which will be made of it; and
- the consequences, if any, of failure to provide the SSN. All statements must be approved in advance by the Office of University Counsel.
2.2. Employees
Employees are required to provide their SSNs on payroll/personnel, health insurance, and retirement forms.
2.3. Students
Students are required to provide their SSNs for admission, financial aid, and student housing contracts. Students unable to provide a SSN will be assigned an alternative number.
2.4. Patients
Patients of University Hospital and medical clinics are required to provide their SSNs on inpatient and outpatient registration forms.
2.5. Other Individuals
Other forms that request disclosure of SSNs, and proposals by departments to collect SSNs for any purpose must be approved in advance by Office of University Counsel. The provision of SSNs in such cases must be strictly voluntary and individuals who decline to disclose the number may not be denied any rights, benefits or privileges.
3. Disclosure of SSNs by UNM
An individual's SSN is personal information and shall not be released by UNM to outside individuals or entities, except:
- as allowed or required by law;
- when permission is granted by the individual;
- when the outside individual or entity is acting as UNM's contractor or agent and appropriate security measures are in place to prevent unauthorized dissemination to third parties; or
- when the Office of University Counsel has approved the release.
4. UNM Identification Numbers
UNM does not use SSNs as primary identifiers for students or employees. Any exception must be approved in writing by the cognizant vice president and the University Chief Information Officer (CIO). Students and employees are assigned a unique randomly-generated identification number to allow access to records and to transact business with UNM. These numbers remain the property of, and are subject to, UNM's rules. UNM identification numbers are not accorded the same confidential status as SSNs.
5. Use of SSNs
The following guidelines must be followed by UNM employees with access to SSNs:
- SSNs will be transmitted electronically only through secure mechanisms as determined by ITS;
- paper and electronic documents containing SSNs will be disposed of in a secure fashion; and
- student grades and other pieces of personal information will not be publicly posted or displayed using either the complete or partial SSN for identification purposes.
6. Report Collection, Use, and/or Storage of SSNs
Departments that collect, use and/or store SSNs must submit a report to the Director of Information Assurance documenting the reason for collection, the handling processes in place to ensure protection of SSNs, and the notification statement required by Section 2.1. herein. Reports must be made no later than September 30, 2008, or within ninety (90) days of beginning collection, use, and/or storage of SSNs, whichever is later. In addition, departments must review SSN procedures annually and report any changes to the Director of Information Assurance.