To summarize the policy and procedures required to comply with the Illinois Identity Protection Act (5 ILCS 179/1, et seq.).
In furtherance of the Information Security Policy for Northern Illinois University (University or NIU), and in accordance with the Illinois Identity Protection Act (5 ILCS 179/1, et seq.), NIU establishes this Identity-Protection Policy to protect social security numbers from unauthorized use or disclosure. This policy is applied in conjunction with the University’s existing policies and practices, as well as State and federal laws, on (1) protecting the confidentiality of social security numbers, and (2) reducing the opportunity for identity theft at Northern Illinois University. Any University policy, State law or federal law that adopts standards for the collection, use or disclosure of social security numbers that are stricter than the standards outlined in this policy or the Illinois Identity Protection Act with respect to the protection of those social security numbers shall control. This policy does not apply to the collection, use, or disclosure of a social security number as required by State or federal law, rule or regulation.
The use of social security numbers at Northern Illinois University must be in furtherance of the operations and business of the University and not for the personal use or benefit of individual employees at the University. Only NIU employees who are required to use or handle information for documents that contain social security numbers can have access to such information or documents. Northern Illinois University will not use or disclose the social security number for any purpose other than the purpose for which it was collected, unless otherwise expressly allowed under this Policy or State and federal law, rule or regulation. Northern Illinois University will not collect, use, or disclose a social security number from an individual, unless:
Northern Illinois University may collect, use, or disclose social security numbers under the following circumstances or situations:
Social security numbers that are requested by Northern Illinois University from an individual must be placed on records/documents or stored in a manner that makes the social security number easily redacted if required to be released as part of a public records request. If there is a request to inspect or copy records under the Illinois Freedom of Information Act or any other federal or state law, the University must redact social security numbers from the information or documents before allowing inspection or copying. Those University entities that utilize or participate in a national unique patient health identifier program, as established under federal law, will be considered in compliance with this Policy and the Illinois Identity Protection Act.
Unless otherwise expressly allowed under this Policy or State or federal law, rule or regulation, Northern Illinois University WILL NOT:
Disposal and retention of all records should occur in accordance with University Retention Guidelines available at www.compliance.niu.edu/RecordsRetention/Index.cfm. Prior to disposing of documents contained in these guidelines, departments must request permission to destroy from Human Resource Services and receive a certificate back from the State of Illinois. Questions regarding this process should be directed to Human Resource Services at 815-753-6000.
Additional protocols apply to the disposal of information containing personal information. All materials containing personal information must be disposed of in a manner that ensures that personal information is not readable, usable, and decipherable. Proper disposal includes, but is not limited to the following:
Any department disposing of materials containing personal information may, utilizing the University Procurement process, contract with a third party for disposal. It is the department’s responsibility to ensure that the third party implements and monitors compliance with these policies and procedures and prohibits unauthorized access to or acquisition of or use of personal information during the collection, transportation, and disposal of materials containing personal information.
All employees of Northern Illinois University identified as having access to social security numbers in the course of performing their duties will be trained to protect the confidentiality of social security numbers in accordance with the provisions of this policy. Such training will include instructions on proper handling of information that contains social security numbers from the time of collection through the destruction of the information.
Northern Illinois University Records Retention Guidelines