ORI HOT TOPIC

Secure Handling of Social Security Numbers: Applicability to Human Subjects Research

Northwestern University has recently clarified standards regarding the use and secure handling of social security numbers.

Policy Statement

Social security numbers may not be captured, retained, communicated, transmitted, displayed or printed in whole or in part, except where required or permitted by law, and in accordance with the standards outlined in this policy.

Read full policy here

How does this apply when using personal identification information for human subjects in research?

  • Where permitted by law and University policy, the SSN may be stored as a confidential attribute associated with an individual or may be used as an optional key to identify individuals for whom a primary identifier is not known.
  • You must apply for an exception using an Exception Request Form if you plan to use a social security number as a personal identifier.
  • There are specific retention and access standards for the storing of social security numbers.

Approved Uses of SSN

  • University offices may not collect SSNs for purposes other than those noted in Section 9, Standards.
  • The primary uses and reasons for the continued capture, storage, retention and processing of SSN data are identified and documented in the "Approved Uses of SSNs - Appendix B." (pdf) Typically, processes that access historical SSN data, or require or permit continued use of SSN data, are described here. Additional processes may be added to the appendix by contacting ISS/C.

Exception Process and Form

  • Any office intending other use of SSN data must request an exception to the policy (see Section 13, Exception Process). Any request for exception to this policy should be submitted to Information and Systems Security/Compliance (ISS/C) using the form described in "Exception Request - Appendix A."
  • ISS/C will coordinate requests for exception to this policy and contact the respective policy owner, data steward and other authorities as deemed appropriate for consideration and discussion of the exception request.
  • Request forms must be completed fully; incomplete forms will be returned without processing. Requestors will be provided with a decision within ten (10) working days from receipt of the completed request.

For more information:

Northwestern University Information Technology (NUIT) Information and Systems Security/Compliance (ISS/C) is the owner of this policy. Please contact ISS/C for more information.