Skip to Search Skip to Global Navigation Skip to Local Navigation Skip to Content
Handbook of Operating Procedures
Chapter 11 - Information Technology
Previous Publication Date: June 10, 2004
Publication Date: August 2, 2022
Policy Reviewed Date: November 27, 2023
Policy Owner: VP for Information Technology


11.08 Confidentiality of Personal Identification Numbers


I. POLICY STATEMENT


It is the policy of The University of Texas at San Antonio (UTSA) to protect the confidential nature of social security numbers and other Personal Identification Numbers maintained by UTSA.


II. RATIONALE


Data Users shall access Data to only conduct university business and as permitted by applicable confidentiality and privacy laws. The prohibition of the release of Personal Identification Numbers is in compliance with international, state, and federal privacy laws and also minimizes the risk of identity theft.


III. SCOPE


This policy applies to all UTSA Employees, which includes but is not limited to faculty, staff, and external individuals or organizations with whom UTSA has a contractual relationship.


IV. WEBSITE ADDRESS FOR THIS POLICY


http://www.utsa.edu/hop/chapter11/11.08.html


V. RELATED STATUTES, POLICIES, REQUIREMENTS OR STANDARDS

  1. Family Educational Rights and Privacy Act of 1974 (FERPA), as amended in 2000
  2. Copyright Act of 1976, as amended.
  3. Foreign Corrupt Practices Act of 1977, as amended in 1988.
  4. Computer Fraud and Abuse Act of 1986, as amended in 1996.
  5. Computer Security Act of 1987.
  6. The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
  7. USA PATRIOT Act of 2001.
  8. The State of Texas Public Information Act.
  9. Texas Government Code, Section 441.
  10. Texas Administrative Code 1 TAC 202.
  11. IRM Act, 2054.075(b).
  12. The State of Texas Penal Code, Chapters 33 and 33A.
  13. DIR Practices for Protecting Information Technology Resources Assets.
  14. DIR Standards Review and Recommendations Publications.
  15. The University of Texas System Information Technology Resources Use and Security Policy (UTS165).
  16. UTSA Student Code of Conduct and Judicial Procedures Sections 201, 202, 203.
  17. UTSA Code of Ethics, Chapter 4, Handbook of Operating Procedures.
  18. UTSA Security Standards.

VI. CONTACTS


If you have any questions about Handbook of Operating Procedures policy 11.08, Confidentiality of Personal Identification Numbers, contact one of the following offices:

  1. Office of Information Security
    210-458-7974
    informationsecurity@utsa.edu
  2. UTSA Tech Solutions
    210-458-4555
    TechCafe@utsa.edu  

VII. DEFINITIONS


  1. Employee
    1. All UTSA employees holding either a full-time or part-time position at UTSA, whether the position is filled or to be filled by a regular or temporary worker and includes student workers.
  2. Personal Identification Numbers
    1. Social Security Numbers; personally identifiable Medical and Medical Payment information; Driver’s License Numbers and other government-issued identification numbers; Education Records subject to the Family Educational Rights & Privacy Act (FERPA); credit card or debit card numbers, plus any required code or PIN that would permit access to an individual’s financial accounts; bank routing numbers; and other UTSA Data about an individual likely to expose the individual to identity theft.

VIII. RESPONSIBILITIES


  1. Employees
    1. Employees shall comply with these provisions and related UTSA policies and procedures.
    2. Employees shall not request disclosure of Personal Identification Numbers if it is not necessary and relevant to the purposes of UTSA and the particular function for which the Employee is responsible.
    3. Employees must not disclose Personal Identification Numbers to unauthorized persons or entities.
    4. Employees shall not seek out or use Personal Identification Numbers relating to others for their own interest or advantage.
    5. Employees responsible for the maintenance of records containing Personal Identification Numbers shall observe all administrative, technical, and physical safeguards established by UTSA in order to protect the confidentiality of such records.
    6. Employees shall promptly report inappropriate disclosure of Personal Identification Numbers to their supervisors and/or the Business Information Systems Coordinator (formerly the Social Security Number Coordinator). Reporting by the Employee may also be anonymous, in accordance with UTSA's Compliance Program, if the employee so chooses. Retaliation against an employee who in good faith reports an inappropriate disclosure of Personal Identification Numbers is prohibited.
  2. Business Information System Coordinator
    1. The Business Information Systems Coordinator interprets rules of conduct and is required to comply with all standards established for their use and is responsible to be informed of these standards, rules, and practices.
    2. The Office of Information Security (OIS) develops and promotes additional standards and requirements.

IX. PROCEDURES


None

X. SPECIAL INSTRUCTIONS FOR IMPLEMENTATION


None


XI. FORMS AND TOOLS/ONLINE PROCESSES


None

XII. APPENDIX


None


XIII. Dates Approved/Amended


08-02-2022
06-10-2014